I’m using the sonar-runner plugin with gradle 1.6 and configuring my jdbc password in a gradle.properties file so as to not be in source code. The plugin however prints the value of that password right to the log (–info). Is there a way to turn off password printing?
Where does it show up? Under “Executing Sonar Runner with properties:”?
Peter - yes exactly. Would be useful to flag that property as printing with “*******” or to have a flag that eliminates printing properties all together (which may already exist - I’m running with --info on).
I agree that the password should be logged as ‘***’. I’ve created GRADLE-2817 for this.
‘tasks.sonarRunner.logging.level = “LIFECYCLE”’ is supposed to change the log level only for the ‘sonarRunner’ task, but as far as I know, per-task log levels aren’t currently working.
Peter - thanks for logging the issue. We are now looking to setup Jenkins as
step 1 = gradle --info clean build… step 2 = conditional (gradle sonarRunner) - “without the --info”
There is a Jenkins issue doing this - apparently doesn’t like step 2 being conditional - but doing sonar as a second step without --info is ok with us. Still think the issue is important to fix but not urgent for us.
Thanks for your support / help!