Hi, we are using SonarQube Enterprise Edition in our project, which is integrated with corporate Azure AD for SAML authentication, and that is working fine. However, our internal security team reported a security finding, “SonarQube Login Panel Exposed”. Could you please suggest how we can remediate this finding? Otherwise they are asking us to deploy SonarQube to VPN infrastructure. Could you please suggest how to fix this by disabling the local authentication and allowing login with SAML?
Hi,
If I understand correctly, you’re asking how to entirely remove SonarQube’s native login.
Sorry, but that’s not possible.
Ann
Internal security scanning tools are reporting that keeping this login panel open makes it potentially vulnerable to exposure, allowing bad actors to perform brute-force attacks on the web application.
Hi Team, please advise on the above request, as it's a security exposure and the internal security team is asking for the login option to be hidden.
Hi,
Again,
Ann