This version of the SonarQube documentation is no longer maintained. It relates to a version of SonarQube that is not active.

Security features

SonarQube Server comes with a number of global security features.

SonarQube Server comes with a number of global security features:

  • On-board authentication and authorization mechanisms.

  • The ability to force users to authenticate before they can see any part of a SonarQube Server instance.

  • The ability to delegate to authentication.

Additionally, it’s possible to configure at a group or user level who can:

  • See that a project even exists.

  • Access a project’s source code.

  • Administer a project (set exclusion patterns, tune plugin configuration for that project, etc.).

  • Administer Quality Profiles, Quality Gates, and the SonarQube Server instance itself.

Another aspect of security is the encryption of settings such as passwords. SonarQube Server provides a built-in mechanism to encrypt settings.

See:

Last updated

Was this helpful?