Here it is : ua-cam.com/video/zM2DOalHxHY/v-deo.html You may refer Sonarqube playlist as well : ua-cam.com/play/PLF5kUO89mjNp42MdwMnExXVDNQ7Xv-0ao.html
Using a single token for all projects in SonarQube and Jenkins is not recommended for security reasons. Tokens are typically used to authenticate and authorize access to specific resources or actions. Using a single token for all projects can pose significant security risks: Lack of Granularity: A single token would provide the same level of access to all projects and actions within SonarQube and Jenkins. This means that anyone with the token would have unrestricted access to all projects, including potentially sensitive or critical ones. Difficulty in Revoking Access: If the token were compromised or if someone with access needed to have their permissions revoked, you would need to invalidate the token for all projects, affecting legitimate users and processes. Audit Trail Issues: Using a single token makes it challenging to track who performed specific actions within SonarQube and Jenkins. This can be critical for auditing and troubleshooting purposes. Limited Role-Based Access: Security best practices often involve implementing role-based access control (RBAC) to ensure that users and systems have appropriate permissions. Using a single token bypasses RBAC mechanisms. To maintain better security and access control: In SonarQube, consider creating separate tokens with appropriate permissions for each project or group of projects. This way, you can control who can access and perform actions on specific projects. In Jenkins, use built-in authentication and authorization mechanisms. Jenkins supports a wide range of authentication methods, including LDAP, Active Directory, and more. You can also set up fine-grained access control using the Role-Based Authorization Strategy plugin.
can you please explain how sonar qube line of code, price of per edition, and how each edition use LOC limit is count. if we have source code of number of line (like 50 lac) then we will buy plan according to that ....then over lince limit will be over...if its over then we have again buy somthing.
ERROR: Error during SonarScanner execution ERROR: You're not authorized to analyze this project or the project doesn't exist on SonarQube and you're not authorized to create it. Please contact an administrator. -> getting this error, any idea how it can be resolved?
Thank you! This video was really helpful and steps are easy to follow, I've tried several tutorials but only with yours I succeeded.
which version of Sonarqube and Jenkins are you using in this video please answer?
How do I get count of code smells, bugs count etc for all projects ?
Any specific url via api? or any other way to retrieve such data ?
Check the Sonarqube playlist on my channel. You will find dedicated videos on these topics.
I wanted to know the new code coverage analysis video please share the link
Here it is : ua-cam.com/video/zM2DOalHxHY/v-deo.html
You may refer Sonarqube playlist as well : ua-cam.com/play/PLF5kUO89mjNp42MdwMnExXVDNQ7Xv-0ao.html
Please confirm if in sonarqube analysis shows failed then why pipeline is not getting failed?
U made it easy 😀
Thank you for letting me know that you find it helpful 😊
um hello of the brazil, thnx
Thank you!
Bro for every project , token should be same or it changes.
Using a single token for all projects in SonarQube and Jenkins is not recommended for security reasons. Tokens are typically used to authenticate and authorize access to specific resources or actions. Using a single token for all projects can pose significant security risks:
Lack of Granularity: A single token would provide the same level of access to all projects and actions within SonarQube and Jenkins. This means that anyone with the token would have unrestricted access to all projects, including potentially sensitive or critical ones.
Difficulty in Revoking Access: If the token were compromised or if someone with access needed to have their permissions revoked, you would need to invalidate the token for all projects, affecting legitimate users and processes.
Audit Trail Issues: Using a single token makes it challenging to track who performed specific actions within SonarQube and Jenkins. This can be critical for auditing and troubleshooting purposes.
Limited Role-Based Access: Security best practices often involve implementing role-based access control (RBAC) to ensure that users and systems have appropriate permissions. Using a single token bypasses RBAC mechanisms.
To maintain better security and access control:
In SonarQube, consider creating separate tokens with appropriate permissions for each project or group of projects. This way, you can control who can access and perform actions on specific projects.
In Jenkins, use built-in authentication and authorization mechanisms. Jenkins supports a wide range of authentication methods, including LDAP, Active Directory, and more. You can also set up fine-grained access control using the Role-Based Authorization Strategy plugin.
@@Engineerhoon Hi Bro thanks for clarifying my question. Much appreciated. Can I have your WhatsApp number Bro?
Good one
Thank you! Do browse through the channel for more interesting stuffs 😃
can you please explain how sonar qube line of code, price of per edition, and how each edition use LOC limit is count. if we have source code of number of line (like 50 lac) then we will buy plan according to that ....then over lince limit will be over...if its over then we have again buy somthing.
i am getting, 0 lines analyzed for .net core project in sonarqube panel. can you guide me?
awsome
Thank you!
I installed a plugin but I do not have an option( prepare SonarQube scanner environment )
Please check Jenkins version. Try on latest. Try restarting Jenkins.
ERROR: Error during SonarScanner execution ERROR: You're not authorized to analyze this project or the project doesn't exist on SonarQube and you're not authorized to create it. Please contact an administrator. -> getting this error, any idea how it can be resolved?
How to use in pipeline. Only showing build environment in freestyle not in pipeline
"Error during SonarScanner execution" getting this error after i triggered build
Check logs for error
sorry am not check the environment variable good thank you!
Correct 👍