Skip to end of metadata
Go to start of metadata

Security

SonarQube 3.7+

Any user who's granted Execute Analysis permission can run an analysis.

If the Anyone group is not granted Execute Analysis permission or if the SonarQube instance is secured (the sonar.forceAuthentication property is set to true), the credentials of a user having been granted Execute Analysis permission have to be provided through the sonar.login and sonar.password properties. Example: sonar-runner -Dsonar.login=myLogin -Dsonar.password=myPassword

Note that for a preview/incremental analysis, the user also has to be granted the Browse permission on the project to be analyzed.

SonarQube 3.4 to 3.6.3

If a project cannot be accessed anonymously, the sonar.login and sonar.password properties are required to run an analysis on this project. These properties have to be set to the credentials of a user having the User role on this project. You can set them either:

  • directly on the command line by adding -Dsonar.login=myLogin -Dsonar.password=myPassword
  • or in the build.xml file

A project cannot be anonymously accessed when either:

Prior to SonarQube 3.4

There is no security restriction.

  • No labels