The default setting for authentication is disabled in SonarQube. This allows anonymous users to access SonarQube and view pretty much everything, including source code. This is not an issue for code in public repos; however, it could be an issue if private code repos are used.
SonarQube setting:
/admin/settings?category=security
This can be addressed by setting the environment variable SONAR_FORCEAUTHENTICATION=true
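To confirm that a deployment actually carries this setting, the following added example (not part of the original report or of SonarQube itself) inspects an env file, compose file or sonar.properties and reports whether forced authentication is switched on. The function name `force_auth_state` and the sample file are hypothetical; `sonar.forceAuthentication` is the property form of the same setting.

```shell
#!/bin/sh
# Added example: report how a deployment file sets SonarQube forced authentication.
# Prints one of: enforced | disabled | unset
#   unset means the file does not set the option, so the instance falls back
#   to its default (described above as disabled).
force_auth_state() {
    # $1: path to an env file, compose file, or sonar.properties
    # Steps: strip comments, keep assignments of the option in env-var or
    # property form, take the last one (simplifying assumption: last wins),
    # then reduce it to a bare lowercase value.
    value=$(
        sed -e 's/[[:space:]]*#.*$//' "$1" |
        sed -n -E '/(SONAR_FORCEAUTHENTICATION|sonar\.forceAuthentication)[[:space:]]*[=:]/p' |
        tail -n 1 |
        sed -E 's/^.*[=:][[:space:]]*//; s/["'\'']//g; s/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]'
    )
    case "$value" in
        true) echo enforced ;;
        "")   echo unset ;;
        # Assumption: any value other than "true" is treated as not enforced.
        *)    echo disabled ;;
    esac
}

# Constructed sample input: a compose-style fragment, not taken from the page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  sonarqube:
    image: sonarqube
    environment:
      - SONAR_FORCEAUTHENTICATION=true
EOF
echo "compose fragment: $(force_auth_state "$sample")"
rm -f "$sample"
```

A result of `unset` or `disabled` for a server that analyses private repositories is the condition described above.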