All SonarSource products come with enterprise-grade security to ensure tight access control on sensitive projects. SonarQube platforms can be fully secured using industry-standard SSL security and provide a role-based authentication and authorization mechanism. This makes it possible to implement a robust enterprise security policy.
SonarSource products support an infinite number of users and groups of users. Users can be attached to one or more groups, and assigned one or more roles. SonarSource products come with three project-specific roles – project administrators, project users and project code viewers – and the rights and capabilities of each role are different. This role-based mechanism ensures that project resources can be isolated and accessed only by those users and groups that actually own them.
SonarSource products can be integrated with external systems such as LDAP, Apache DS, Microsoft Active Directory and Atlassian Crowd. Common tasks, such as authentication and authorization verification, can be delegated to those systems, which significantly simplifies their management. This enables enterprises to add SonarSource products to their existing Application Lifecycle Management (ALM) infrastructure with minimal overhead.
Single Sign-On (SSO) Support
The SonarQube platform supports the OpenID standard through plugins, making it simple to integrate with standards-based enterprise authentication infrastructure. This enables deeper integration of the SonarQube platform with existing ALM infrastructure. The SonarQube platform also provides an API extension to enable developers to support integration with other authentication schemes.