How do I access Sonarqube UI using VPN only?

Hi. I’m trying to fix a security vulnerability for my Sonarqube instance. I have a Sonarqube 10.6 community edition deployed using a zip file. Currently, the setup is the default method of logging in using a username and password. What I’m trying to achieve is either the Sonarqube UI is accessible only using VPN, or implementing a federated login. Is either of these possible?

Depending on how you are hosting Sonarqube you can achieve the VPN part in the reverse proxy, the firewall (layer 7) or the web server.

As you mention a federated login as an option, if I understood you correctly, then there are plugins to use Azure AD (now called Entra) or any OAuth/OIDC service.

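The reverse-proxy option from the answer above, as an added example that is not part of the original posts: an nginx front end that only serves SonarQube to source addresses in a VPN pool. The subnet, hostname and certificate paths are constructed placeholders, and the config assumes SonarQube is bound to loopback on its default port 9000.

```nginx
# Added example: nginx in front of SonarQube, reachable only from a VPN subnet.
# Constructed values (assumptions, not from the posts):
#   10.8.0.0/24                   VPN client address pool
#   sonarqube.example.internal    hostname users browse to
#   /etc/nginx/tls/...            certificate and key paths
# Also assumes conf/sonar.properties sets sonar.web.host=127.0.0.1, so that
# port 9000 cannot be reached directly, bypassing this proxy.

server {
    listen 443 ssl;
    server_name sonarqube.example.internal;

    ssl_certificate     /etc/nginx/tls/sonarqube.crt;
    ssl_certificate_key /etc/nginx/tls/sonarqube.key;

    # Source-address allow list. Rules are checked in order, first match wins.
    allow 10.8.0.0/24;   # VPN clients
    # CI scanners upload analysis reports to this same endpoint; add their
    # addresses above the deny rule if they do not connect through the VPN.
    deny  all;           # every other source receives 403

    # Analysis report uploads can exceed the 1m default body limit.
    client_max_body_size 50m;

    location / {
        proxy_pass http://127.0.0.1:9000;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Plain HTTP only redirects, and only for the same allowed sources.
server {
    listen 80;
    server_name sonarqube.example.internal;

    allow 10.8.0.0/24;
    deny  all;

    return 301 https://$host$request_uri;
}
```

If nginx itself sits behind a load balancer or another proxy, the source address it sees is that device's, so the allow list has to be enforced at that layer instead.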