
You are viewing an old version of this page. View the current version.


Out of the box, SonarQube comes with a complete mechanism to manage security. Configuring security allows you to cover two main use cases:

  • Manage access rights to components, information, etc.
  • Enable customization (custom dashboards, notifications, etc.) of SonarQube for users

Here are examples of security restrictions you can enforce by configuring security in SonarQube:

  • Secure a SonarQube instance by forcing authentication prior to accessing any page
  • Make a given project invisible to anonymous users
  • Restrict access to a project to a given group of users
  • Restrict access to a project's source code (Code Viewer) to a given set of users
  • Define who can administer a project (setting exclusion patterns, tuning plugin configuration for that project, etc.)
  • Define who can administer a SonarQube instance

Delegating Authentication and Authorization to External Systems

In order to leverage existing enterprise infrastructure, SonarQube provides the capability to delegate authentication and authorization to external systems through plugins:

SSO is also supported through the SonarQube OpenID plugin.