SonarCloud members from other companies?

Just wondering why we see any other members not connected even to our company when we try to add members to our SonarCloud instance?

image

Hey there.

SonarCloud users exist independent of the organization they belong to, and can belong to multiple.

This is not really different than inviting users to an org on GitHub.

Alright, well, from the security perspective, if I want to know if a company uses SonarCloud, I can do some research on SonarCloud. It just does not calculate well on my side to be honest. I understand that this is as per design, but, let’s say we do onboard more users and more organizations, does it mean that anyone in the world will be able to search for our users and find them in the list?

I’ve pinged the right team to see if they can provide some perspective. Hold tight. :slight_smile:

1 Like

Thanks @Colin. In reality, it might be possible to add someone by mistake as well, that’s why it should be better to keep the members separate, or if we have conneted a specific Azure DevOps organization, then we could see users in that organization. I hope this comes with Enterprise features.

Thanks for noting @darkowich. You are raising fair points. We will update the feature soon, and it is on the roadmap to close this gap as we move to the Enterprise domain.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.