Is Modern Authentication (OAuth or equivalent) available for SonarQube email notifications?

ChaseDevOps · November 29, 2022, 3:14pm

Hello Sonar community!

My organization is using SonarQube Community Edition Version 8.9 (build 43852) to help with code scanning. As part of this process, we also have our instance of SonarQube send out emails using the built-in SMTP settings in Administration>General. We are using Office 365 as the email provider.

My concern comes as Microsoft will soon be disabling basic authentication. Article here: Basic Authentication Deprecation in Exchange Online – September 2022 Update - Microsoft Community Hub

I know that SMTP authentication is not explicitly stated as being disabled, however, I do know that our instance is using basic authentication (sending username/password) for the email setup. My question is this: Does SonarQube have the ability to use modern authentication or something like OAuth 2.0 for email setups? I have been unable to find anything regarding it in official documentation or in this forum.

This is mostly for looking ahead to the future as Microsoft has stated that they will eventually be phasing out SMTP authentication and I’d like to get ahead of the curve.

Any insight is appreciated.
-Chase

vivek.reghunath · December 7, 2022, 8:35am

Hello Chase,

Thanks for brining this to our attention. We do not have any alternative ways of authentication for emails in SonarQube at this point. Since Microsoft is not planning to phase out basic authentication for SMTP, we can re-evaluate this if such a change is announced.

ccampo · March 20, 2023, 3:43pm

Wouldnt you think it makes sense to use “modern authentication” rather than “basic authentication” simply because it reflects the current state of the art of authentication and is used by all modern services and not wait until they switch you off ?

Qaiser_Ahmad · April 13, 2023, 11:48am

Hello also we want to use receive E-Mails from Sonarqube because of reporting, but the lack of modern authentication doesn*t allow us to use it. Are they any plans change this? More and more companies can only accept modern authentication, especially in europe.

Right now we cannot receive E-Mails from Sonarqube, so this a big problem for us.