GitHub Authentication for users without organizations

SonarQube Server / Community Build
,
1

SonarQube version: 10.6 installed with Docker

I’m trying to configure GitHub authentication. Looks like the GitHub app that SonarQube uses to connect with GitHub doesn’t work if a user installs it on their personal account?

i.e. If a GitHub user does not have any organizations, and they:

  • Navigate to the GitHub app’s page (https://github.com/apps/our-app)
  • Install and authenticates to their personal account
  • Try to login using GitHub on SonarQube
  • SonarQube returns an error: ‘xyz’ must be a member of at least one organization which has installed the SonarQube GitHub app

Works fine however, if the user has an organization and the app is installed in a GitHub Organization

Am I doing anything wrong? Is is possible to authenticate users who aren’t part of any organizations?

4

Hi @jet,

Your analysis is correct: you must install the SonarQube app in an organization.

This is for security reason: otherwise any GitHub users would be able to create an account on your instance.

Cheers,
Aurélien

5

Thank you for the clarification Aurélien!

Our use case is that we work with contractors and don’t usually add them to our GitHub org (they are added to individual repos, so they show up as external contributors in the GitHub org), is there any way we can allow these users to log in to our SonarQube instance with their GitHub account?

9

Hi again @jet :wave:

There is a great workaround that could help you to (1) remain in control of which users can log in to your SonarQube (2) have a good solution would be to create an additional GitHub organization for your external contributor.

You could add all the external contributors to this specific organization and whitelist this one in your SonarQube-GitHub auth settings.

As soon as one contractor stops working with you, you can remove him/her from your special GitHub organization, and he will lose the ability to log in to SonarQube.

2 Likes