In our company we have about 200 developers in about 30 teams. Granting rights to people (who come and go) is a lot of work.
We already have teams in Github, which are managed by the teams themselves (they are admin of their own team). So we would like to have those teams synced to Sonarcloud groups as well.
Imho, adding features to minimise administrative work would make SonarCloud more enterprise friendly
Hi @leontebbens, it’s cool to see back here
Making SonarCloud more enterprise friendly is on our roadmap
When you talk about the sync of GitHub’s teams, you mean
the synchronisation of the members (when a member is added or removed, it is reproduced on SonarCloud’s side)
When a GitHub team’s member is granted new permission (e.g access a repo, create a PR, etc), SonarCloud must grant the same permission (e.g access a repo’s files)
Syncing members from Github to Sonarcloud. So when a new developer is granted access to our Github organization, he/she/… can immediately also log in to Sonarcloud.
This sync should also work in reverse: when a member is removed from our Github organisation, this member is also removed from Sonarcloud.
Syncing teams from Github to Sonarcloud. So when a developer is added tot a Github team, he/she/… is also automatically added to the corresponding team in SonarCloud. This developer can then immediately use all the Sonarcloud projects of that team (the projects where that teams has admin access to).
And also in reverse: removing a member from a team in Github does remove the member from the corresponding team in Sonarcloud.
do you expect the groups to be automatically created on SonarCloud’s side when you import the GitHub organisation?
Do you also expect that SonarCloud matches the projects a user can have access to with the repositories this user has access to on GitHub’s side?
Final question, what kind of permission do you expect SonarCloud to give if the user is not the admin of the GitHub organisation? Execute Analysis would be enough?
Yes point 1 and 2 are already possible (I just included them to draw a complete picture of our needs .
About 3 and 4: yes auto creation of groups is what we really need. An automatch on projects would be a great extra. Permission should be administer of the projects of the group (including execute rights) and create new projects in/for that group.
Our vision is to have zero day-to-day tasks for admins in a SonarCloud coupled with an Enterprise Github Cloud organisation.
Apologies missed this, I believe GitHub user sync will make sure the GitHub based authentication works fine for all individual GitHub users but is there any way to reuse the GitHub teams in SonarCloud groups or something like that?
This is a feature that is already available on SonarQube and definitely something that we want to bring to SonarCloud as well. You can subscribe to this card on our public roadmap to get all updates.