
SonarQube comes with a number of global security features:

- on-board authentication and authorization mechanisms
- the ability to force users to authenticate before they can see any part of a SonarQube instance
- the ability to delegate authentication to an external provider (for more, see Delegating Authentication)

Additionally, you can configure at a group or user level who can:

- administer a project (set exclusion patterns, tune plugin configuration for that project, etc.)
- administer Quality Profiles, Quality Gates, and the SonarQube instance itself

Another aspect of security is the encryption of settings such as passwords. SonarQube provides a built-in mechanism to encrypt settings.

Authentication

By default, SonarQube forces user authentication. You can disable forced user authentication and allow anonymous users to browse projects and run analyses in your instance. To do this, log in as a system administrator, go to Administration > Configuration > General Settings > Security, and disable the Force user authentication property.

Related web APIs:

- api/sources/show (for public repositories)
- api/sources/scm (for public repositories)

We advise keeping Force user authentication enabled if your SonarQube instance is publicly accessible: with it disabled, anyone who can reach the instance can browse project data without presenting credentials.

Authentication Mechanisms

Authentication can be managed through a number of mechanisms:

- via the SonarQube built-in users/groups database
- via external identity providers such as an LDAP server (including the LDAP service of Active Directory), GitHub, etc. See the Authentication & Authorization section of the Plugin Library.

When you create a user in SonarQube's own database, it is considered local and is authenticated only against SonarQube's own user/group database, never against an external tool (LDAP, Active Directory, Crowd, etc.). Similarly, all non-local accounts are authenticated only against the external tool. Local accounts therefore keep working even after the person has been removed from the external directory, so they should be reviewed regularly.

An Administrator can manage tokens on a user's behalf via Administration > Security > Users.

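The following script is an added example, not code from the SonarQube documentation or from SonarSource. It audits the two points above over the web API: whether Force user authentication is still on, and which local accounts (the ones that never touch the external identity provider) hold tokens. It assumes an admin token in the SONAR_TOKEN environment variable and the base URL in SONAR_URL, and it relies on the `sonar.forceAuthentication` setting key and on the `local` and `tokensCount` fields that api/users/search returns to administrators in recent versions; check those names against your instance's api/webservices listing. The sample responses at the bottom are constructed for the offline demo.

```python
"""Audit a SonarQube instance for forced authentication and for local
accounts holding tokens (added example; assumes SONAR_URL and SONAR_TOKEN)."""
import base64
import json
import os
import urllib.parse
import urllib.request

FORCE_AUTH_KEY = "sonar.forceAuthentication"


def auth_header(token: str) -> str:
    # A SonarQube token is sent as the Basic-auth username with an empty password.
    raw = f"{token}:".encode()
    return "Basic " + base64.b64encode(raw).decode()


def get_json(base_url: str, path: str, token: str, **params) -> dict:
    url = f"{base_url.rstrip('/')}/{path}"
    if params:
        url += "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"Authorization": auth_header(token)})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def force_auth_enabled(settings_response: dict) -> bool:
    """Parse an api/settings/values response. The documented default is
    "forced", so a missing key counts as enabled; only an explicit "false"
    (as a string or a boolean) disables it."""
    for setting in settings_response.get("settings", []):
        if setting.get("key") == FORCE_AUTH_KEY:
            return str(setting.get("value", "true")).lower() != "false"
    return True


def local_accounts_with_tokens(users_response: dict) -> list:
    """From an api/users/search page (admin view), return the logins of local
    accounts that hold at least one token. Local accounts are checked only
    against SonarQube's own database, so such a token keeps working after the
    person is removed from LDAP/GitHub; each one deserves a review."""
    hits = []
    for user in users_response.get("users", []):
        if user.get("local") and user.get("tokensCount", 0) > 0:
            hits.append(user["login"])
    return sorted(hits)


def audit(base_url: str, token: str) -> list:
    """Run both checks against a live instance and return human-readable findings."""
    findings = []
    settings = get_json(base_url, "api/settings/values", token, keys=FORCE_AUTH_KEY)
    if not force_auth_enabled(settings):
        findings.append("Force user authentication is disabled: anonymous users can browse projects")
    page, page_size = 1, 500  # 500 is the maximum page size for api/users/search
    while True:
        users = get_json(base_url, "api/users/search", token, p=page, ps=page_size)
        for login in local_accounts_with_tokens(users):
            findings.append(f"local account holding tokens: {login}")
        total = users.get("paging", {}).get("total", 0)
        if page * page_size >= total:
            break
        page += 1
    return findings


# Constructed sample responses (not captured from a real instance) for an offline run.
SAMPLE_SETTINGS = {"settings": [{"key": FORCE_AUTH_KEY, "value": "false"}]}
SAMPLE_USERS = {
    "paging": {"pageIndex": 1, "pageSize": 500, "total": 3},
    "users": [
        {"login": "svc-ci", "local": True, "tokensCount": 2},
        {"login": "alice", "local": False, "externalProvider": "LDAP", "tokensCount": 1},
        {"login": "bob", "local": True, "tokensCount": 0},
    ],
}

if __name__ == "__main__":
    if os.environ.get("SONAR_URL") and os.environ.get("SONAR_TOKEN"):
        for line in audit(os.environ["SONAR_URL"], os.environ["SONAR_TOKEN"]):
            print(line)
    else:
        print("force auth enabled:", force_auth_enabled(SAMPLE_SETTINGS))
        print("local accounts with tokens:", local_accounts_with_tokens(SAMPLE_USERS))
```

Run it with the two environment variables set to audit a live instance; without them it exercises the parsing functions on the constructed samples, which is also how the checks can be unit-tested without network access.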