Sync Github groups to SonarCloud

Hello team,

In our company we have about 200 developers in about 30 teams. Granting rights to people (who come and go) is a lot of work.
We already have teams in Github, which are managed by the teams themselves (they are admin of their own team). So we would like to have those teams synced to Sonarcloud groups as well.

Imho, adding features to minimise administrative work would make SonarCloud more enterprise friendly :slight_smile:

Hi @leontebbens, it’s cool to see back here :wink:
Making SonarCloud more enterprise friendly is on our roadmap :slight_smile:
When you talk about the sync of GitHub’s teams, you mean

  1. the synchronisation of the members (when a member is added or removed, it is reproduced on SonarCloud’s side)
  2. When a GitHub team’s member is granted new permission (e.g access a repo, create a PR, etc), SonarCloud must grant the same permission (e.g access a repo’s files)
  3. both?
  4. Anything else that would make your life easier?

Thank for your help :slight_smile:
Kind regards,
Christophe

Hi @Christophe_Havard

We would like to have

  1. Syncing members from Github to Sonarcloud. So when a new developer is granted access to our Github organization, he/she/… can immediately also log in to Sonarcloud.
  2. This sync should also work in reverse: when a member is removed from our Github organisation, this member is also removed from Sonarcloud.
  3. Syncing teams from Github to Sonarcloud. So when a developer is added tot a Github team, he/she/… is also automatically added to the corresponding team in SonarCloud. This developer can then immediately use all the Sonarcloud projects of that team (the projects where that teams has admin access to).
  4. And also in reverse: removing a member from a team in Github does remove the member from the corresponding team in Sonarcloud.

Does this help?

Best, LĂ©on

Hey LĂ©on,
Thanks for your answer.
About point 1. and 2., it seems to me that the synchronization already exist between SonarCloud and GitHub for users (I just tested it to be sure). Do I miss something on my side related to your setup? Please note in the case of public projects, anyone is able to see your SonarCloud project.

About point 3. and 4.,

  1. do you expect the groups to be automatically created on SonarCloud’s side when you import the GitHub organisation?
  2. Do you also expect that SonarCloud matches the projects a user can have access to with the repositories this user has access to on GitHub’s side?
  3. Final question, what kind of permission do you expect SonarCloud to give if the user is not the admin of the GitHub organisation? Execute Analysis would be enough?

Thanks,
Christophe

Hi,

Yes point 1 and 2 are already possible (I just included them to draw a complete picture of our needs :slight_smile: .

About 3 and 4: yes auto creation of groups is what we really need. An automatch on projects would be a great extra. Permission should be administer of the projects of the group (including execute rights) and create new projects in/for that group.

Our vision is to have zero day-to-day tasks for admins in a SonarCloud coupled with an Enterprise Github Cloud organisation.

Best,
LĂ©on

Note that I made some edits in the previous post

Hi @leontebbens ,
Thank you for your precisions, it does help :slight_smile:
I’ll let you know when the topic moves on our side :wink:
Kind regards,
Christophe