Out of the box, SonarQube comes with a complete mechanism to manage security (authentication + authorization). Configuring security allows you to cover two main use cases:
- Manage access rights to components, information, etc.
- Enable customization (custom dashboards, notifications, etc.) of SonarQube for users
Here are examples of security restrictions you can enforce by configuring security in SonarQube:
- Secure a SonarQube instance by forcing authentication prior to accessing any page
- Make a given project invisible to anonymous users
- Restrict access to a project to a given group of users
- Restrict access to a project's source code (Code Viewer) to a given set of users
- Define who can administer a project (setting exclusion patterns, tuning plugins configuration for that project, etc.)
- Define who can administer a SonarQube instance
Delegating Authentication and Authorization to External Systems
In order to leverage existing enterprise infrastructure, SonarQube provides the capability to delegate authentication and authorization to external systems through plugins:
- LDAP with the SonarQube LDAP Plugin
- Active Directory with the SonarQube LDAP Plugin
- PAM with the SonarQube PAM Plugin
- Crowd with the SonarQube Crowd Plugin
Authentication and authorization can also be delegated to an external system: LDAP or Active Directory with the SonarQube LDAP Plugin, PAM with the SonarQube PAM Plugin or Crowd with the SonarQube Crowd Plugin. SSO is also supported through the SonarQube OpenID plugin.
Another aspect of security is the encryption of settings such as passwords. SonarQube provide a built-in mechanism to encrypt settings.