In our organization we have multiple private Github repositories. For some repositories, we are working with outside collaborators. These collaborators do not have access to other Github repositories.
The question is how do I add them to SonarCloud? I understand (from Adding external collaborators as user with synchronized github membership) that I need to change the member synchronization to manual and manually add these users.
But by doing so, wouldn’t that add them to our SonarCloud organization and then allow them to access our other private repositories on SonarCloud itself (even just read the code)?
Not necessarily. This is a question of project permissions. It will be easiest to manage this with groups. Where the outside collaborators are granted permission on the projects relevant to them through a group, let’s say “Collab” and you make sure that Collab doesn’t have permissions to any other projects.
Thanks, that helps.
Eventually I had to create a new group for all the organization members (those that need access to all repositories), because everyone is a member of the default “members” group, and I kept the outside collaborators out of that new group and let them access only the repositories they need.