The Federal Bureau of Investigation has issued an alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and businesses. The alert, coded as MU-000136-MW, was issued on October 14th, but only publicly disclosed last week.
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.