Security features

SonarQube Community Build comes with a number of global security features:

• On-board authentication and authorization mechanisms.
• The ability to force users to authenticate before they can see any part of a SonarQube Server instance.
• The ability to delegate to authentication.

Additionally, it's possible to configure at a group or user level who can:

• See that a project even exists.
• Access a project's source code.
• Administer a project (set exclusion patterns, tune plugin configuration for that project, etc.).
• Administer Quality Profiles, Quality Gates, and the SonarQube Server instance itself.

Another aspect of security is the encryption of settings such as passwords. SonarQube Server provides a built-in mechanism to encrypt settings.

See:

• Managing user authentication
• Managing groups
• Managing user and group permissions at the system level
• Setting the project permissions of users and groups
• Encrypting sensitive settings