Risks in trying sonar community with organizational code base?

Dear Sonar,
Community we want to first try with community version for end project till production?
I want to check Risks in using community sonar , will it expose code base and vulnerabilities to out side world?
Please suggest in details?

Hi Jitander,

Welcome to the community!

If you host your SonarQube instance on a server that’s not available on the general internet, you should be good. On top of that, you can set your default Permission Template to restrict the Browse permission so that it’s not available to the Anyone group (i.e. Anonymous).


Dear @ganncamp, Thank you very much the response!
Let us also figure out Permission Template before we have further query!

1 Like