SonarQube Project VisibilityβοΈ
This documentation serves as a detailed guide on configuring access rights within SonarQube projects. It is primarily aimed at ensuring that only authorized users can view and interact with the projects hosted on the SonarQube platform. The guide is structured to assist both new and existing SonarQube projects in managing their visibility settings effectively.
Upon logging into SonarQube through the OpenID Connect mechanism, users are automatically assigned to the sonar-users group, granting them access to all projects. However, this document outlines methods to customize these default settings to enhance security and privacy. It is divided into two main sections: one focusing on restricting access for the new projects and the other on configuring access for the existing projects.
Restrict Access for New ProjectsβοΈ
In its default configuration, SonarQube does not restrict access to newly created projects, making them accessible to all instance users. To modify this behavior and set new projects to private by default, follow these instructions:
-
Open the SonarQube UI in the browser.
-
Navigate to the
Administrationtab:
Nexus user settings Note
Ensure you have admin rights to see the
Administrationsection. -
Click the
Projectsbutton and selectManagement:
Nexus user settings -
On the project management page, click pencil icon at the top-right corner::
Nexus user settings -
Select Private and click Change Default Visibility:
Nexus user settings
Configure Access for Existing ProjectsβοΈ
To make all the current projects private, follow the steps below:
-
In the Projects tab, enter the project you want to make private.
-
In the project page, click the Prject Settings button and select Permissions:
Nexus user settings -
In the project permissions page, select Private:
Nexus user settings -
Repeat the procedure for all of the projects you want to make private.