Hello, I administer a SonarQube Enterprise Edition Instance within my company and we’re focused on tracking user activity within SonarQube.
In my company, it’s important to keep track of some specific user activity, for contextual security reasons.
The ideal scenario would be a logging functionality that would generate evidence of logins/logouts, and their respective dates and times.
I’d like to know if there is a way of logging each one of these actions:
1- User login
2- User accesses between projects
3- Any other user action within the server
If you want to track user access you should use the $SONARQUBE_HOME/log/access.log
It’s possible to increase the log level to DEBUG during runtime for a specific time and set it back to INFO without having to restart the SonarQube server.
For security reasons you should use LDAP authentication or similar and Apache httpd as reverse proxy.
Apache also has an access.log and security-related settings you may use in addition.
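An added example, not part of the reply above and not SonarQube's own tooling: a small audit script that reads access.log lines and reports login/logout requests plus the project keys each authenticated user touched. It assumes a combined-log-style line with the user name in the third field and project keys in the `id`, `component` or `project` query parameters; the sample lines are constructed, so adjust the regex to your `sonar.web.accessLogs.pattern`.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed layout: host ident user [time] "METHOD url PROTO" status bytes ...
# Adjust to the pattern your server actually writes.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) ')

AUTH_PATHS = {"/api/authentication/login": "login",
              "/api/authentication/logout": "logout"}
PROJECT_PARAMS = ("id", "component", "project")  # assumed parameter names

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:09:00:01 +0000] "POST /api/authentication/login HTTP/1.1" 200 - "-" "Mozilla/5.0" "AY1"
10.0.0.5 - alice [12/Mar/2024:09:00:03 +0000] "GET /dashboard?id=payments-api HTTP/1.1" 200 512 "-" "Mozilla/5.0" "AY2"
10.0.0.5 - alice [12/Mar/2024:09:02:40 +0000] "GET /api/measures/component?component=billing-ui&metricKeys=bugs HTTP/1.1" 200 907 "-" "Mozilla/5.0" "AY3"
10.0.0.9 - - [12/Mar/2024:09:04:10 +0000] "POST /api/authentication/login HTTP/1.1" 401 - "-" "curl/8.0" "AY4"
10.0.0.7 - bob [12/Mar/2024:09:10:00 +0000] "GET /dashboard?id=payments-api HTTP/1.1" 200 512 "-" "Mozilla/5.0" "AY5"
malformed line
10.0.0.5 - alice [12/Mar/2024:09:30:00 +0000] "POST /api/authentication/logout HTTP/1.1" 200 - "-" "Mozilla/5.0" "AY6"
"""

def parse_line(line):
    """Return the named fields of one access.log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Return (auth_events, projects_by_user, skipped_line_count)."""
    auth_events, projects, skipped = [], defaultdict(set), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # count unparsable lines instead of silently dropping them
            skipped += 1
            continue
        url = urlsplit(rec["url"])
        action = AUTH_PATHS.get(url.path)
        if action:               # keep failed attempts too: the status code is the evidence
            auth_events.append((rec["time"], rec["host"], action, int(rec["status"])))
        if rec["user"] != "-":   # only attribute project access to authenticated requests
            query = parse_qs(url.query)
            for name in PROJECT_PARAMS:
                projects[rec["user"]].update(query.get(name, []))
    return auth_events, {u: sorted(k) for u, k in projects.items()}, skipped
```

In the constructed sample the login request itself carries no user name, so the script records it by source address and status; correlate with the next authenticated request from the same address to name the user.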
Would you mind explaining why you want/need to track which projects a user accesses? Why isn’t it sufficient just to only provide the minimum needed access via permissions?
Also, it’s worth noting that in Enterprise Edition ($$), you have audit logs of security-sensitive changes.