diff --git a/sonar/transport.go b/sonar/transport.go
index 4693ab4..41a10b8 100644
--- a/sonar/transport.go
+++ b/sonar/transport.go
@@ -9,11 +9,25 @@ import (
 // TransportConfig holds configuration for the SDK-managed HTTP transport.
 // It is ignored when WithHTTPClient is also used.
 type TransportConfig struct {
- TLSClientConfig *tls.Config
- MaxIdleConns int
- IdleConnTimeout time.Duration
+ // TLSClientConfig customizes the TLS settings used for HTTPS connections.
+ //
+ // Security warning: setting TLSClientConfig.InsecureSkipVerify to true
+ // disables server certificate verification, which exposes the connection to
+ // man-in-the-middle attacks and can leak the auth token and source-code
+ // metadata exchanged with SonarQube. Only use it against a trusted local or
+ // development instance, never in production.
+ TLSClientConfig *tls.Config
+ // MaxIdleConns controls the maximum number of idle (keep-alive) connections
+ // across all hosts. Zero means no limit.
+ MaxIdleConns int
+ // IdleConnTimeout is the maximum time an idle connection is kept before
+ // closing. Zero means no limit.
+ IdleConnTimeout time.Duration
+ // TLSHandshakeTimeout is the maximum time to wait for a TLS handshake.
+ // Zero means no timeout.
 TLSHandshakeTimeout time.Duration
- DisableCompression bool
+ // DisableCompression disables transparent gzip request/response compression.
+ DisableCompression bool
 }

 // buildTransport creates an *http.Transport from cfg.
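Review bot: The new comment on `DisableCompression` says it disables "gzip request/response compression", but if the field is copied onto `http.Transport.DisableCompression` (buildTransport's body is outside this hunk, so that is an assumption) it only stops the transport from sending `Accept-Encoding: gzip` and transparently decompressing responses; request bodies are never compressed. A more accurate line would be `// DisableCompression stops the transport from requesting gzip responses and transparently decompressing them.` The "Zero means no timeout" wording on `TLSHandshakeTimeout` is also worth pairing with guidance, because a zero-value TransportConfig would then leave a stalled handshake bounded only by the request's own deadline: `// Prefer a finite value (http.DefaultTransport uses 10s).` All three "Zero means ..." statements should be checked against buildTransport in case it substitutes defaults for zero values.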