SonarQube comes with a number of global security features:

- On-board authentication and authorization mechanisms.
- The ability to force users to authenticate before they can see any part of a SonarQube instance.
- The ability to delegate authentication (for more see Authentication).

Additionally, you can configure at a group or user level who can:

- Administer a project (set exclusion patterns, tune plugin configuration for that project, etc.).
- Administer Quality Profiles, Quality Gates, and the SonarQube instance itself.

Another aspect of security is the encryption of settings such as passwords. SonarQube provides a built-in mechanism to encrypt settings.

Authentication

By default, SonarQube forces user authentication. You can disable forced user authentication and allow anonymous users to browse projects and run analyses in your instance. To do this, log in as a system administrator, go to Administration > Configuration > General Settings > Security, and disable the Force user authentication property.

Disabling the Force user authentication property can expose your SonarQube instance to security risks. We strongly recommend forcing user authentication on production instances or carefully configuring the security (user permissions, project visibility, etc.) on your instance.

If the Force user authentication property is set to false, the following API endpoints are accessible without authentication: