All organizational repositories visible when creating new project in SonarCloud

Hello,

  • ALM used (GitHub, Bitbucket Cloud, Azure DevOps)
  • Steps to reproduce
    Context: SonarCloud paid plan linked with GitHub Enterprise Cloud organization
  1. Log in to SonarCloud with a GitHub non-admin user
  2. Click on analyze new project and select your organizational context
  3. You will see a list of all repositories in the chosen organization even though you don’t have access to them in GitHub (private organizational repositories)

Is this behavior expected? Can we do something about it?
I think it would make sense to assume that in SonarCloud one can analyze only projects they have already access to in GitHub.

Hey there.

By default on a new SonarCloud organization, the Create Projects permission is only assigned to Owners of that SonarCloud organization. When creating the project, the user is not authenticating directly with GitHub; rather, the SonarCloud application that was installed on your GitHub organization is.

So if the presence of certain repositories is sensitive, you’ll want to be careful about granting this permission.

Anything related to permissions after a project has been created can be dealt with via permission templates.

That was really quick! It makes sense, the SonarCloud app has access to all repositories indeed. In this case we will need to adjust our permission settings.
Thank you very much!
