Sonarqube with public projects
Detects publicly accessible SonarQube projects.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the API endpoints to be tested. In this case, the filters include checking the response code to be greater than or equal to 200 and less than 300, and extracting the URL as a variable.
The execute section of the template defines the type of request to be executed, which is a single request in this case. It also specifies the request to be made by modifying the URL with the extracted variable from the API selection filters.
The validation section defines the criteria for validating the response of the executed request. In this template, it checks that the response code is equal to 200 and that the response payload contains specific elements such as 'results', 'items', and 'more'.
Frequently asked questions
What is the purpose of this test
How does this test identify publicly accessible SonarQube projects
What is the impact of publicly accessible SonarQube projects
What category and subcategory does this test fall under
What severity level is assigned to the findings of this test
Are there any references or resources available for further information