Sync Github groups to SonarCloud

Hello team,

In our company we have about 200 developers in about 30 teams. Granting rights to people (who come and go) is a lot of work.
We already have teams in Github, which are managed by the teams themselves (they are admin of their own team). So we would like to have those teams synced to Sonarcloud groups as well.

Imho, adding features to minimise administrative work would make SonarCloud more enterprise friendly

Hi @leontebbens, it’s cool to see back here
Making SonarCloud more enterprise friendly is on our roadmap
When you talk about the sync of GitHub’s teams, you mean

1. the synchronisation of the members (when a member is added or removed, it is reproduced on SonarCloud’s side)
2. When a GitHub team’s member is granted new permission (e.g access a repo, create a PR, etc), SonarCloud must grant the same permission (e.g access a repo’s files)
3. both?
4. Anything else that would make your life easier?

Thank for your help
Kind regards,
Christophe

Hi @Christophe_Havard

We would like to have

1. Syncing members from Github to Sonarcloud. So when a new developer is granted access to our Github organization, he/she/… can immediately also log in to Sonarcloud.
2. This sync should also work in reverse: when a member is removed from our Github organisation, this member is also removed from Sonarcloud.
3. Syncing teams from Github to Sonarcloud. So when a developer is added tot a Github team, he/she/… is also automatically added to the corresponding team in SonarCloud. This developer can then immediately use all the Sonarcloud projects of that team (the projects where that teams has admin access to).
4. And also in reverse: removing a member from a team in Github does remove the member from the corresponding team in Sonarcloud.

Does this help?

Best, Léon

Hey Léon,
Thanks for your answer.
About point 1. and 2., it seems to me that the synchronization already exist between SonarCloud and GitHub for users (I just tested it to be sure). Do I miss something on my side related to your setup? Please note in the case of public projects, anyone is able to see your SonarCloud project.

image2890×1202 228 KB

About point 3. and 4.,

1. do you expect the groups to be automatically created on SonarCloud’s side when you import the GitHub organisation?
2. Do you also expect that SonarCloud matches the projects a user can have access to with the repositories this user has access to on GitHub’s side?
3. Final question, what kind of permission do you expect SonarCloud to give if the user is not the admin of the GitHub organisation? Execute Analysis would be enough?

Thanks,
Christophe

Hi,

Yes point 1 and 2 are already possible (I just included them to draw a complete picture of our needs .

About 3 and 4: yes auto creation of groups is what we really need. An automatch on projects would be a great extra. Permission should be administer of the projects of the group (including execute rights) and create new projects in/for that group.

Our vision is to have zero day-to-day tasks for admins in a SonarCloud coupled with an Enterprise Github Cloud organisation.

Best,
Léon

Note that I made some edits in the previous post

Hi @leontebbens ,
Thank you for your precisions, it does help
I’ll let you know when the topic moves on our side
Kind regards,
Christophe

Hi @Christophe_Havard Any updates on this topic, please? It is really required for any large organizations.

Hi @Prabhu ,
what is your need exactly? Something not supported by the current GitHub user synchronization?

Apologies missed this, I believe GitHub user sync will make sure the GitHub based authentication works fine for all individual GitHub users but is there any way to reuse the GitHub teams in SonarCloud groups or something like that?

Hello @Prabhu ,

This is a feature that is already available on SonarQube and definitely something that we want to bring to SonarCloud as well. You can subscribe to this card on our public roadmap to get all updates.