Martin Ellis
How to secure SonarQube 5.2?

The Release notes for SonarQube 5.2 indicate that scanners no longer access the database directly.

With SonarQube 5.1, it's possible to ensure that the dashboard only ever shows reports on code in version control by configuring the database to only accept connections from the build server.

With SonarQube 5.2, I wouldn't expect this approach to work, because scanners aren't connecting directly to the database.

How can SonarQube 5.2 be secured so that only the build server can update the results shown on the dashboard?

Upvotes: 2

Views: 786

Answers (1)

This is really straightforward:

1. Make sure that your build server runs SQ analyses with non-empty `sonar.login` and `sonar.password` properties
   - Usually, the user corresponding to this `sonar.login` is a technical user
2. In the SQ Web Administration console, go to "Security > Global Permissions" and make sure that only the user corresponding to `sonar.login` has the "Execute Analysis" permission

Note that this can (or I'd even say "should") be done even on versions older than 5.2.

Upvotes: 2
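The answer above tells you how to configure the server; the check a practitioner will want is a way to verify, from the build side, that nobody except the technical user still holds "Execute Analysis". The script below is an added example (not code from the question, the answer, or SonarSource). It assumes the 5.2-era web services `api/permissions/users` and `api/permissions/groups`, that the internal key of the "Execute Analysis" global permission is `scan`, and that each entry in the response carries a `permissions` list; if your server's response shape differs, adapt `audit_scan_permission`. The sample JSON is constructed so the audit logic runs offline.

```python
import base64
import json
import os
import sys
import urllib.request

# Internal key of the "Execute Analysis" global permission (assumption about SonarQube's permission keys).
SCAN = "scan"


def fetch_json(base_url, path, username, password):
    """GET a SonarQube web-service path with HTTP basic auth and parse the JSON body.
    Endpoint names are assumptions about the 5.2 API; see the lead-in."""
    req = urllib.request.Request(f"{base_url.rstrip('/')}/{path}")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def audit_scan_permission(users_json, groups_json, allowed_login):
    """Return a list of findings describing who holds Execute Analysis beyond the
    single technical user. An empty list means the configuration matches the answer."""
    findings = []
    build_user_ok = False

    for user in users_json.get("users", []):
        perms = user.get("permissions")
        # If the server already filtered by permission, 'permissions' may be absent; then
        # every listed user is assumed to hold it.
        if perms is not None and SCAN not in perms:
            continue
        if user.get("login") == allowed_login:
            build_user_ok = True
        else:
            findings.append(f"user {user.get('login')} holds Execute Analysis")

    for group in groups_json.get("groups", []):
        perms = group.get("permissions")
        if perms is not None and SCAN not in perms:
            continue
        # Any group grant (sonar-users, Anyone, ...) lets non-build-server accounts publish results.
        findings.append(f"group {group.get('name')} holds Execute Analysis")

    if not build_user_ok:
        findings.append(f"build user {allowed_login} lacks Execute Analysis")
    return findings


# Constructed sample responses (not captured from a real server): a typical default
# where the admin and the sonar-users group can still publish analyses.
SAMPLE_USERS = {
    "users": [
        {"login": "ci-scanner", "name": "CI technical user", "permissions": ["scan"]},
        {"login": "admin", "name": "Administrator", "permissions": ["admin", "scan"]},
        {"login": "alice", "name": "Alice", "permissions": ["profileadmin"]},
    ]
}
SAMPLE_GROUPS = {
    "groups": [
        {"name": "sonar-users", "permissions": ["scan"]},
        {"name": "sonar-administrators", "permissions": ["admin"]},
    ]
}


def main():
    # Live mode: SONAR_URL, SONAR_ADMIN_USER/PASS and SONAR_BUILD_LOGIN are assumed environment
    # variable names chosen for this example, not SonarQube conventions.
    base = os.environ.get("SONAR_URL")
    if not base:
        findings = audit_scan_permission(SAMPLE_USERS, SAMPLE_GROUPS, "ci-scanner")
    else:
        user, pw = os.environ["SONAR_ADMIN_USER"], os.environ["SONAR_ADMIN_PASS"]
        users = fetch_json(base, f"api/permissions/users?permission={SCAN}", user, pw)
        groups = fetch_json(base, f"api/permissions/groups?permission={SCAN}", user, pw)
        findings = audit_scan_permission(users, groups, os.environ["SONAR_BUILD_LOGIN"])
    for line in findings:
        print("FINDING:", line)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it from the build pipeline after the permission change and fail the job on a non-zero exit; with the constructed sample it reports the admin user and the sonar-users group, which is exactly the state the answer tells you to remove.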
