sodul commented on pull request #4102: URL: https://github.com/apache/incubator-dolphinscheduler/pull/4102#issuecomment-736697969
Hi @Jave-Chen @CalvinKirs, Any repository permissions that might need to be changed to enable this security improvement must be done by someone with administrative permission on the repository, and on the SonarCloud side. I personally have neither, nor do I desire to be granted these privileges. My main goal was to inform you that your SonarCloud token is stored in plain text in your repository which is not a good security practice. I consider the project to be informed and I do not plan to take any further action on the matter since I am not related to the project, and my original goal was to find examples of how SonarCloud was integrated with GitHub Actions on other projects. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
