You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2022/01/04 19:22:57 UTC

[GitHub] [dolphinscheduler] sodul commented on pull request #4102: SECURITY: SONAR_TOKEN should be a secret

sodul commented on pull request #4102:
URL: https://github.com/apache/dolphinscheduler/pull/4102#issuecomment-1005104296


   @dailidong The conflict was simply the yaml file being renamed since I opened the PR. If the sonar token has been added to the repository then you should be able to merge it.
   
   I'm sorry but I'm not a user of dolphin scheduler so I'm not going to be able to contribute further to the project. I just stumbled on this as I was looking for examples of Sonar+GitHub Worflows integrations and noticed your sonar token was open to the public. Others could use the token to control your sonar project.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org