cgsecurity
commented
6 years ago What I have done seems to match the documentation from https://docs.travis-ci.com/user/sonarcloud/ Is this really a problem ?
Closed ThisNameIsNotAllowed closed 6 years ago
cgsecurity
commented
6 years ago What I have done seems to match the documentation from https://docs.travis-ci.com/user/sonarcloud/ Is this really a problem ?
ThisNameIsNotAllowed
commented
6 years ago I'm fully with you, not seeing any problem in doing so.
It's just the feeling to hide such things from public places.
Personally I would go for the definition of the sonar token within the repository settings. (https://docs.travis-ci.com/user/environment-variables/#Defining-Variables-in-Repository-Settings)
It seems as if you hardcoded your token->secure to the
.travis.ymlfile. You might want to change this to a setting or some non public place.