<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>SonarQube Component on Software Factory</title><link>/operate/tools/sonarqube/</link><description>Recent content in SonarQube Component on Software Factory</description><generator>Hugo</generator><language>en</language><atom:link href="/operate/tools/sonarqube/index.xml" rel="self" type="application/rss+xml"/><item><title>Secrets, Tokens and Credentials in SonarQube</title><link>/operate/tools/sonarqube/secrets/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/operate/tools/sonarqube/secrets/</guid><description>&lt;p&gt;This document lists &lt;a href="/use/tools/sonarqube/secrets/"&gt;all secrets, tokens and credentials&lt;/a&gt;
 that can be
configured and managed by an administrator user in SonarQube Server.&lt;/p&gt;
&lt;h2 id="list-of-credentials"&gt;List of credentials&lt;a class="td-heading-self-link" href="#list-of-credentials" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;table&gt;
 &lt;thead&gt;
 &lt;tr&gt;
 &lt;th&gt;Credentials type&lt;/th&gt;
 &lt;th&gt;Usage&lt;/th&gt;
 &lt;th&gt;Official documentation link&lt;/th&gt;
 &lt;th&gt;Comment&lt;/th&gt;
 &lt;/tr&gt;
 &lt;/thead&gt;
 &lt;tbody&gt;
 &lt;tr&gt;
 &lt;td&gt;&lt;strong&gt;Tokens&lt;/strong&gt;&lt;/td&gt;
 &lt;td&gt;&lt;/td&gt;
 &lt;td&gt;&lt;/td&gt;
 &lt;td&gt;&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;User tokens&lt;/td&gt;
 &lt;td&gt;Authenticate to SonarQube Web API&lt;/td&gt;
 &lt;td&gt;&lt;a href="https://docs.sonarsource.com/sonarqube-server/2026.1/instance-administration/security/administering-tokens" class="external-link" target="_blank" rel="noopener noreferrer"&gt;User Tokens&lt;/a&gt;
&lt;/td&gt;
 &lt;td&gt;Provides traceability and reflects user permissions. Suitable for manual/API usage.&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;Project analysis tokens&lt;/td&gt;
 &lt;td&gt;Run analysis on a specific project&lt;/td&gt;
 &lt;td&gt;&lt;a href="https://docs.sonarsource.com/sonarqube-server/2026.1/instance-administration/security/administering-tokens" class="external-link" target="_blank" rel="noopener noreferrer"&gt;Project analysis tokens&lt;/a&gt;
&lt;/td&gt;
 &lt;td&gt;Recommended for CI/CD. Limits access to a single project, reducing impact if compromised (least privilege).&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;Global analysis tokens&lt;/td&gt;
 &lt;td&gt;Run analysis on all projects&lt;/td&gt;
 &lt;td&gt;&lt;a href="https://docs.sonarsource.com/sonarqube-server/2026.1/instance-administration/security/administering-tokens" class="external-link" target="_blank" rel="noopener noreferrer"&gt;Global analysis tokens&lt;/a&gt;
&lt;/td&gt;
 &lt;td&gt;Should not be used by default. Grants access to all projects and violates the principle of least privilege. Use only in exceptional cases where project-scoped tokens cannot be applied.&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;&lt;strong&gt;Other&lt;/strong&gt;&lt;/td&gt;
 &lt;td&gt;&lt;/td&gt;
 &lt;td&gt;&lt;/td&gt;
 &lt;td&gt;&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;User passwords&lt;/td&gt;
 &lt;td&gt;Local user authentication (fallback when SSO is not used)&lt;/td&gt;
 &lt;td&gt;&lt;a href="https://docs.sonarsource.com/sonarqube-server/2026.1/instance-administration/user-management/changing-user-password" class="external-link" target="_blank" rel="noopener noreferrer"&gt;Changing password&lt;/a&gt;
&lt;/td&gt;
 &lt;td&gt;Cannot be fully disabled. Should not be used when SSO is enabled; access must be enforced via external Identity Provider.&lt;/td&gt;
 &lt;/tr&gt;
 &lt;/tbody&gt;
&lt;/table&gt;

 &lt;div class="admonition note"&gt;
 &lt;div class="admonition-header"&gt;&lt;svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"&gt;&lt;path d="M0 64C0 28.7 28.7 0 64 0L224 0l0 128c0 17.7 14.3 32 32 32l128 0 0 125.7-86.8 86.8c-10.3 10.3-17.5 23.1-21 37.2l-18.7 74.9c-2.3 9.2-1.8 18.8 1.3 27.5L64 512c-35.3 0-64-28.7-64-64L0 64zm384 64l-128 0L256 0 384 128zM549.8 235.7l14.4 14.4c15.6 15.6 15.6 40.9 0 56.6l-29.4 29.4-71-71 29.4-29.4c15.6-15.6 40.9-15.6 56.6 0zM311.9 417L441.1 287.8l71 71L382.9 487.9c-4.1 4.1-9.2 7-14.9 8.4l-60.1 15c-5.5 1.4-11.2-.2-15.2-4.2s-5.6-9.7-4.2-15.2l15-60.1c1.4-5.6 4.3-10.8 8.4-14.9z"/&gt;&lt;/svg&gt;
 &lt;span&gt;Note&lt;/span&gt;
 &lt;/div&gt;
 &lt;div class="admonition-content"&gt;
 &lt;p&gt;SonarQube does not support API Keys or SSH keys. Authentication is primarily handled through tokens
and external identity providers.&lt;/p&gt;</description></item></channel></rss>