Thank you! This video was really helpful and steps are easy to follow, I've tried several tutorials but only with yours I succeeded.
Good one
Thank you! Do browse through the channel for more interesting stuff 😃
You made it easy 😀
Thank you for letting me know that you find it helpful 😊
How do I get the count of code smells, bugs, etc. for all projects?
Any specific URL via the API, or any other way to retrieve such data?
Check the SonarQube playlist on my channel. You will find dedicated videos on these topics.
Um, hello from Brazil, thanks
Thank you!
Please confirm: if the SonarQube analysis shows failed, then why is the pipeline not failing?
I am getting 0 lines analyzed for a .NET Core project in the SonarQube panel. Can you guide me?
Awesome
Thank you!
Can you please explain SonarQube lines of code, the price per edition, and how the LOC limit is counted for each edition? If we have source code with a number of lines (like 50 lac), then we will buy a plan according to that... then the license limit will be over... if it's over, then we have to buy something again.
ERROR: Error during SonarScanner execution ERROR: You're not authorized to analyze this project or the project doesn't exist on SonarQube and you're not authorized to create it. Please contact an administrator. -> getting this error, any idea how it can be resolved?
How to use it in a pipeline? It only shows the build environment in freestyle, not in pipeline.
Bro, for every project, should the token be the same or does it change?
Using a single token for all projects in SonarQube and Jenkins is not recommended for security reasons. Tokens are typically used to authenticate and authorize access to specific resources or actions. Using a single token for all projects can pose significant security risks:
Lack of Granularity: A single token would provide the same level of access to all projects and actions within SonarQube and Jenkins. This means that anyone with the token would have unrestricted access to all projects, including potentially sensitive or critical ones.
Difficulty in Revoking Access: If the token were compromised or if someone with access needed to have their permissions revoked, you would need to invalidate the token for all projects, affecting legitimate users and processes.
Audit Trail Issues: Using a single token makes it challenging to track who performed specific actions within SonarQube and Jenkins. This can be critical for auditing and troubleshooting purposes.
Limited Role-Based Access: Security best practices often involve implementing role-based access control (RBAC) to ensure that users and systems have appropriate permissions. Using a single token bypasses RBAC mechanisms.
To maintain better security and access control:
In SonarQube, consider creating separate tokens with appropriate permissions for each project or group of projects. This way, you can control who can access and perform actions on specific projects.
In Jenkins, use built-in authentication and authorization mechanisms. Jenkins supports a wide range of authentication methods, including LDAP, Active Directory, and more. You can also set up fine-grained access control using the Role-Based Authorization Strategy plugin.
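Added example (not part of the original reply, and not the channel's code): one way to issue a separate analysis token per project through the SonarQube Web API, and to rotate only the affected project's token if one leaks. The server URL, project keys and the "jenkins-<projectKey>" naming scheme are assumptions; the PROJECT_ANALYSIS_TOKEN type requires a recent SonarQube version.

```python
import base64
import urllib.parse
import urllib.request

# Assumed placeholder values: replace with your own server and project keys.
SONAR_URL = "https://sonarqube.example.internal"


def _post(path, params, admin_token):
    """Build (without sending) an authenticated POST to the SonarQube Web API."""
    # A SonarQube token is passed as the Basic-auth username with an empty password.
    basic = base64.b64encode(f"{admin_token}:".encode()).decode()
    return urllib.request.Request(
        SONAR_URL + path,
        data=urllib.parse.urlencode(params).encode(),
        headers={"Authorization": f"Basic {basic}"},
        method="POST",
    )


def generate_request(project_key, admin_token, expires=None):
    """Request a token that is only valid for analyzing `project_key`."""
    params = {
        "name": f"jenkins-{project_key}",      # assumed naming scheme
        "type": "PROJECT_ANALYSIS_TOKEN",      # scoped to one project
        "projectKey": project_key,
    }
    if expires:
        params["expirationDate"] = expires     # format: YYYY-MM-DD
    return _post("/api/user_tokens/generate", params, admin_token)


def revoke_request(project_key, admin_token):
    """Revoke the token that belongs to a single project."""
    return _post("/api/user_tokens/revoke",
                 {"name": f"jenkins-{project_key}"}, admin_token)


def rotation_plan(project_keys, leaked_project, admin_token, expires=None):
    """Requests needed when one token leaks: other projects stay untouched."""
    if leaked_project not in project_keys:
        raise ValueError(f"unknown project: {leaked_project}")
    return [revoke_request(leaked_project, admin_token),
            generate_request(leaked_project, admin_token, expires)]


if __name__ == "__main__":
    import os
    for key in ["billing-api", "web-frontend"]:   # constructed sample keys
        req = generate_request(key, os.environ["SONAR_ADMIN_TOKEN"])
        with urllib.request.urlopen(req) as resp:
            print(key, resp.status)  # store the returned token in Jenkins credentials
```

Each generated token can then be saved as its own Jenkins "Secret text" credential and selected per job through the credentialsId parameter of withSonarQubeEnv.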
@Engineerhoon Hi Bro, thanks for clarifying my question. Much appreciated. Can I have your WhatsApp number, Bro?
I installed a plugin but I do not have the option (Prepare SonarQube Scanner environment).
Please check Jenkins version. Try on latest. Try restarting Jenkins.
"Error during SonarScanner execution": I am getting this error after I triggered the build.
Check logs for error
Sorry, I did not check the environment variable properly. Thank you!
Correct 👍