The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses.
Intrusions have taken place since at least April 2020, the FBI said in an alert sent out last month and made public this week on its website.
The alert specifically warns owners of SonarQube, a web-based application that companies integrate into their software build chains to test source code and discover security flaws before rolling out code and applications into production environments.
Read more…
Source: ZDNet