Configuration to Ensure Proper Storage of User Credentials

Whether you have performed a fresh installation of the current Code Insight version or have migrated from a pre-2021 R4 version to the current version, perform the following steps to make sure that the Git SCM connector can properly store user credentials:

• Step 1: Ensure a Supported Git Client Version Is Installed

• Step 2: Ensure Git Cache Is Enabled

• Step 3: Enable the Client to Store Credentials Against the Repository Path

Step 1: Ensure a Supported Git Client Version Is Installed

The Git client 2.30 or later must be installed on the Scan Server.

To ensure that the latest Git client is installed, perform these steps:

1. Determine whether the Git client is installed on the Scan Server instance.
2. Perform the appropriate action:
   • If the Git client is installed, use the following command to determine its version:

git --version

• If the version is earlier than 2.30.0, install version 2.30.0 or later of the client. If you are running a Linux machine, see More About Git Client Versions Supported by Code Insight. Otherwise, see the download site listed in Installing an SCM Client.

• If the Git client is not installed, install a client version 2.30.0 or later. See the download site listed in Installing an SCM Client.

Step 2: Ensure Git Cache Is Enabled

• The Git cache must be enabled on the Scan Server instance to ensure that Git user credentials are securely stored and that connections to the Git repository over HTTPS are successful.

To ensure that Git cache is enabled, do the following:

1. Perform the following:
   • On Linux, execute the following command to enable Git cache:

git config --global credential.helper "cache --timeout=14400"

• The “credential helper” (a mechanism that fetches the user credentials and manages their caching) accepts the --timeout option, which updates the number of seconds that the helper’s daemon is kept running, thus determining how long the credentials are stored in cache. In this case, the cache will time out after 14400 seconds (4 hours). The default is 900 seconds (15 minutes).

• In Windows, no action is required. The Git Credential Manager, where the credentials are securely stored, is auto-enabled.

1. To verify that the cache is enabled, execute the following command:

git config --list

• On Linux, if the cache is properly set, the output of the command should contain the following element:

credential.helper=cache --timeout=<value>

• In Windows, if the output includes the credential.helper= <value> property, the credential helper is set.

Step 3: Enable the Client to Store Credentials Against the Repository Path

The following configuration instructs the Git client to provide the path portion of the remote URL to credential helpers. When the path is supplied, the Git Credential Manager uses the host name plus the path as the key when reading or writing credentials.

To enable the client to store credentials against the repository path, do the following:

1. Execute the following command:

   git config --global credential.httpusepath true 

2. Restart Tomcat.