1

I see on the page Settings Encryption a section about the MSBuild.SonarQube.Runner configuration file. But the documented portion has a format which doesn't match the example SonarQube.Analysis.xml file.

However, I have tried putting these properties in the SonarQube.Analysis.xml file, in a format corresponding to the current one. Long story made short, the msbuild.sonarqube.runner puts the {aes}encrypted password in the Basic authorization field of the HttpRequest sent to SonarQube.

I guess that the client should unencrypt the password before putting it in the Authentication header. Otherwise, the sonarQube server won't allow the user to query the properties Uri (something like /api/properties?resource=projectKey)

Pascal Berger
  • 4,262
  • 2
  • 30
  • 54
nilleb
  • 967
  • 6
  • 28

1 Answers1

1

You're right, I've fixed the documentation to reflect the effective format of the SonarQube Scanner for MSBuild.

Regarding the encryption of the sonar.password property, this is currently not supported by the MSBuild Scanner: It does not (yet?) know about the encryption logic, and therefore sees the raw encrypted value only. However, some other properties can be encrypted: the ones that are read during the end step of the SonarQube Scanner for MSBuild, which is under the hood launching the sonar-runner.

I've created the following ticket to keep track of this limitation: https://jira.sonarsource.com/browse/SONARMSBRU-192

Dinesh Bolkensteyn
  • 2,971
  • 1
  • 17
  • 20