With the release of sonarqube 5.2, the decorator and batch components have been deprecated. Going through the code I found that they want us to use MeasureComputer instead.
Now, I had a plugin which needs the email settings of the sonar setup, fetch some basic user information and the assignee of each issue.
How do I access the email settings and user information?
Update
As per this JIRA ticket, the data associated to the analysis is sent to some compute engine which resides at the sonar server. This is where the issues are created, assigned e.t.c. So, the information regarding the issue will no longer be available even in some PostJob.
User finder alternative: I am now using the user web service to fetch information I require as far the author of the issue is concerned.
IssueFilter helps me lay my hands on each issue that is reported.
My purpose here is to create a custom report immediately after the analysis where a link to each issue is shown. I don't think I'll be able to achieve this using the sonar plugin.
Related
I created a code in Bot-frame composer and published in azure Bot. We have used SSO(single sign-on) in the azure bot. Created a manifest file and published in app studio in MS teams. I am getting the messages twice when I open the chat for the first time. What is the solution to resolve it.
For this issue there are two different approaches to solve.
Check whether you are using webhooks or not. If you are using webhooks, check whether you are having multiple webhooks with same ID, which could send double messages.
This can be some weird approach. Sometimes, microsoft authentication issue will raise and if you are still having issue after checking webhooks, kindly contact the customer support of Microsoft and ask them to reset the app secret key and re-deploy the application.
There is another reason behind this, because of the previous login issues stored in SDK can cause the duplicate messages.
https://github.com/microsoft/botframework-sdk/issues/4387
https://github.com/microsoft/botframework-sdk/issues/5798
Check the above links for reference.
I am curious to know of available options, that a developer can use to secure sensitive information inside the mobile application. This is to prevent anyone from breaking the app and use keys for some nefarious purposes. Example of sensitive data includes passwords of APIs, which app can use seamlessly in the background to retrieve data.
Code obfuscation can help but cannot prevent from stealing the information;
Local storage options such as nativescript-couchbase or nativescript-secure-storage -if my understanding is correct- depends on feeding the information manually after installing the app. But the information needs to be available inside the app at the time of shipping.
OAuth is not an option as it requires the user to login in order to receive the tokens. JWT is neither an option, as the APIs are protected just using basic authentication.
I am using nativescript/angular2 but i would appreciate any generic simple yet effective ideas..
I think you are looking for obfuscation here, securing the information within your source code. By default {N} has uglify plugin configured within webpack, it gives the basic obfuscation.
There is Jscrambler support which is paid.
Also, speaking of Sqlite, there is commercial version of the plugin that supports encryptions but I haven't tried it personally. You may feed your data into it and pack your db at build time then install the db on first launch.
How to use external CyberArk vault to store credentials in free version Jenkins?
Here you can find info regarding the standard jenkins credentials plugin - that provides an API for external storage.
But after digging a while on the net, I’ve found that:
1. Cyberark vault is available on Cloudbees Jenkins only
2. HarshiCorp vault plugin is available for free
3. Here is a nice example how wrong permissions policy can lead to exposing all credentials. I tried it, works like a magic! :)
You really don't want to store credentials (or any sensitive secret, really) in Jenkins. It's not a vault and should never be used as one. Otherwise you'll end up with your Jenkins servers becoming a major target for attackers.
Instead, integrate your Jenkins pipelines to pull secrets securely into executors only when needed, and discarded when the build/test job is done. This is easily done with something like Summon, which is integrated with many vaults already, including Conjur (which is a CyberArk product, too). Both are open source offerings.
This blog post describes an approach to integrating Jenkins with a vault along the lines of what I've described above.
Appears that CyberArk released Jenkins plugin which supports that scenario:
https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Integrations/jenkins.htm
You might want to look at https://github.com/tmobile/t-vault .
This will eliminate the need to manage policies. You could create one safe per project folder or job in jenkins.
You can create approles and grant access to safe for the approle. Each project can use corresponding approle. You can grant access to individuals to the safe as well. Users can then use the webui to author and update the secrets.
I have a google app engine application which needs to be given a public-private key pair. I don't want to check this into source control because it will be accessible by too many people. Since this is GAE I can't use the build system to write the keys to the file system of the server.
Is there a known best practice for this?
My first thought was does Jenkins provide a way to manage keys securely? I know I can just copy the keys to a location on the jenkins server and copy them into the build but this project will be used by third party teams so I need to provide a UI based solution in jenkins. I did not find any relevant plugin but I would like to make sure there isn't a better way before writing my own.
There are of course several approaches to this. I believe certificates are a concern of admins, not developers.
What we do is have custom admin pages where we upload certificates to blobstore under separate namespace. Then we have an internal "service" (just a simple factory) so that other pieces of code can retrieve certs.
If you are happy to use a cloud based Jenkins, we (CloudBees) have an oauth based solution at appengine.cloudbees.com
You could roll your own. It is not excessively tricky. You will need to
Register with google's api console to get a client key and secret and define the endpoints that your app will show up as
Write some way if feeding those credentials to your Jenkins build. I would recommend using the credentials plugin
Either write a build wrapper that exposes the refresh token to your build (python sdk deployment) or exposes the access token (java sdk... Got to love that the two sdks do the same thing in different ways)
Or use our free service ;-)
We want to add tracking statistics to a web application we are building but are pretty unsure of how to go about it. (i.e. clicks, pageviews, unique visits etc)
Does anyone have any articles on the best way to go about incorporating tracking data into an application ? i.e. javascript tracking or IIS etc ?
We want to add tracking in as a ASP.NET MVC module - but we are unsure as to the best way to actually get the data and essentially 'track' this information ?
If anyone could help out - much appreciated.
Edit: just to be clear, we want to do this in-house and present the stats to our users as an additional fee module?
You can turn on the logging for IIS and then use the SQL Server Report Server Pack for IIS. It comes with many canned reports for your sites stats and then you could take it from there with your own custom reports.
You could also just use log parser to get the stats into a SQL Server DB and then you could use SQL from their to analyse and roll your own app.
Either way, you could modularize this and sell it as an add-on to your customer base.
You could use Piwik, you just need PHP version 5.1.3 or greater and MySQL version 4.1 or greater. As they say in their website, "Piwik aims to be an open source alternative to Google Analytics."
They have a demo on the official website so you can see if it's what you're looking for.
Google analytics is a popular service. You just insert a bit of javascript on every page that contains your sites name and Google tracks the data and provides all the report on a handy web based dashboard.
It's not an ASP.net MVC module like what you mentioned, but it will certain track stats for you and will be a lot simpler to set up than trying to code or integrate anything yourselves.
I'd look at analytics to begin with and only branch out to something more complex if it doesn't meet your requirements.
klabranche provided a holistic answer in terms of using logs of web server. I think using web server log is a a great way to analyse data of your web application.
That being said, depend on your web application and the scope of your analytics, just relay on web server log is not a good way to.
As you may know, web log does not record users behaviors like clicking certain tabs which may not trigger a web server request. Obviously your web log has no idea whether users clicked that tab or not, this may hurt your analyse.
Another you need to know is browser cache, this may create another black hole in your data.
RECAP
If you want to do a holistic analytics, you need to use two approaches, one is JavaScrip tag, another one is web log. Since both of them have shortages, combining them together will give you a complete picture.
Hope this helps