The Federal Bureau of Investigation has sent out an alert warning that threat actors are abusing misconfigured SonarQube applications to steal source code from US government agencies as well as private businesses.
The alert, sent out last month, was made public on the FBI's website this week and details intrusions that have taken place since at least April 2020. It warns owners of SonarQube, a web-based application that companies use to test source code and discover security flaws before rolling out code and apps into production environments.