SonarCloud: How to Make Projects Private by Default?

We are using SonarCloud, and when new projects are created by running the SonarQube Gradle scanner, the projects are public. We absolutely, 100% of the time, need our projects to NOT be visible to the general public internet. Never, under any circumstance, should projects be public by default.

How can I ensure that all projects created are private by default?

Hi @ryandanielspmc, welcome to the community.

There’s no way to do so via the Gradle plugin. You may have to create them first on SonarCloud as private, and push analyses onto them after.

HTH,
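
The workaround in the reply above (create the project as private first, then push analyses to it), sketched as an added example that is not part of the original thread and is not SonarSource's code. It assumes the Web API endpoint `api/projects/create` with the `organization`, `project`, `name` and `visibility` parameters, token authentication via basic auth, and an `api/projects/search` style reply carrying a `visibility` field; the organization and project keys are constructed.

```python
import base64
import json
import urllib.parse
import urllib.request

SONAR_URL = "https://sonarcloud.io"  # assumption: SonarCloud's public host


def build_create_request(org, project_key, name, token):
    """Build (without sending) the POST that provisions a private project."""
    body = urllib.parse.urlencode({
        "organization": org,
        "project": project_key,
        "name": name,
        "visibility": "private",  # explicit, so the default never applies
    }).encode()
    req = urllib.request.Request(
        f"{SONAR_URL}/api/projects/create", data=body, method="POST")
    # Assumption: the token is sent as the basic-auth user name, empty password.
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    return req


def provision_private(org, project_key, name, token):
    """Send the request; run this in CI before the first Gradle analysis."""
    req = build_create_request(org, project_key, name, token)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def public_projects(search_response):
    """Keys of projects not marked private in an api/projects/search style reply."""
    return [c["key"] for c in search_response.get("components", [])
            if c.get("visibility") != "private"]


# Constructed sample reply (hypothetical organization and project keys).
SAMPLE_SEARCH = {"components": [
    {"key": "example-org_billing", "visibility": "private"},
    {"key": "example-org_legacy", "visibility": "public"},
]}

if __name__ == "__main__":
    print(public_projects(SAMPLE_SEARCH))
```

Running `public_projects` on a scheduled export of the organization's project list catches any project that was auto-provisioned by a scanner run before the pre-creation step was in place.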

@mickaelcaro Thank you for the response. This seems like a glaring security issue. How can we open a bug to ensure that this problem gets fixed?

Thank you

Hi @ryandanielspmc, FYI project auto-provisioning is deprecated, and will be removed soon. So there's little chance that we will work on this quickly.

Hmmm… project auto-provisioning is still working, and projects still default to public. What a massive security hole in a product that is supposed to be helping me with security/quality. Why is there such apathy about fixing this?

Paid organizations can default all new projects to be private, see our announcement about this feature: