We are trying to enforce user authentication (from Administration → Security on left hand panel). For our Gitlab pipeline to create, analyse and update the projects on SonarQube we need to create token. There is no option in SonarQube to create token at project level, we can only create at user level. We created a token using a non admin user account and we see that it is able to create new projects and access existing projects as well.
Does it mean that any token we create with any user can access any project on the SonarQube whether the user has access to that project or not?
Can you please suggest if there is a better way to achieve this?
PS: We have installed “GitLab (GitLab Plugin for Reporting) version 4.1.0-SNAPSHOT” plugin.