virtualMachinesonarqube

Secure SonarQube

Authentication and Authorization

In the Bitnami package for SonarQube™, user authentication is activated by defatul using the users/groups mechanism. Refer to the first steps section in order to find the default credentials.

You can configure the SonarQube application to use a different authentication mechanism as described in SonarQube’s official authentication documentation.

You can also customize the User/Groups authorization settings along with the project and global permissions. Please refer to the SonarQube’s official authorization documentation for more information.

Settings Encryption

SonarQube provides a mechanism to encrypt the settings, which is very useful for removing clear passwords and credentials from the configuration files.

By default, these settings are not encrypted in the Bitnami package for SonarQube™. It is strongly recommended to encrypt them in order to enforce the security of your application. Please folllow the steps described at SonarQube’s official Encryption documentation in order to do so.

Last modification December 21, 2022