SonarCloud Token
Service Name: SonarCloud
Service Description: SonarCloud is a cloud-based code quality and security service that automatically analyzes and provides feedback on code to detect bugs, vulnerabilities, and code smells in your codebase. It supports multiple programming languages and integrates with popular CI/CD platforms.
Service Address: https://sonarcloud.io/
Validation Type: API Auth
IP Allow list: Does not exist at the token level, but organization administrators can configure IP address restrictions at the organization level.
Secret Access Scope: Grants programmatic access to SonarCloud API, allowing users to perform operations such as analyzing code, retrieving quality metrics, managing projects, and configuring settings based on the token's permissions.
Secret Revokement URL: https://sonarcloud.io/account/security/
Secret Example: squ_12345abcdef67890abcdef12345abcdef12345ab
Suspicious Activity Investigation Instructions:
- Review the SonarCloud audit logs for unusual project access or configuration changes
- Check for unexpected code analysis runs or project creations
- Monitor for unauthorized changes to quality gates or quality profiles
- Look for unusual API calls or access patterns from unfamiliar IP addresses
- Verify if there are any new webhooks or integrations that were recently added
Mitigation Instructions:
-
Log in to your SonarCloud account at https://sonarcloud.io/
-
Navigate to "My Account" by clicking on your profile picture in the top-right
corner
- Select the "Security" tab
- Locate the compromised token in the list of tokens
- Click the "Revoke" button next to the token
- Generate a new token with appropriate permissions if needed
- Update any legitimate CI/CD pipelines or integrations with the new token
- Consider implementing organization-level IP restrictions for additional security