Sensitive Data: SonarQube Default Login - Detect¶

Identifier: sonarqube_default_login

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

SonarQube code quality platform may be accessible with default credentials, allowing unauthorized access to code analysis results, project configurations, and administrative functions.

How we test: We attempt to authenticate to the SonarQube web interface using common default username and password combinations. If authentication succeeds, we report the vulnerability.

Reference:

https://docs.sonarsource.com/sonarqube/9.6/instance-administration/security/#:~:text=When%20installing%20SonarQube%2C%20a%20default,Password%3A%20admin

Configuration¶

Example¶

Example configuration:

---
security_tests:
  sonarqube_default_login:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.