My company has a SonarQube instance, and we need to expose it to the internet. SonarCloud is not an option now.
We were able to create a reverse proxy using PingAccess, and we can reach SonarQube through it, but the problem is that it is fully open to the internet, and according to our security team the use of a token to authenticate is very weak, so we should use a token plus a certificate, for example. The first try was to use a PingFederate token, but then the header clashes with the SonarQube token.
We would like to know if it is possible to use mTLS, where the client would have a valid certificate and the connection is established only when it is valid. Any other option that makes it more secure is also welcome.