System + Access Logs

warner-godfrey · May 22, 2020, 3:21am

ALM used: Azure DevOps
CI system used: Azure DevOps
Scanner command used when applicable: n/a
Languages of the repository: n/a
Steps to reproduce: n/a
Potential workaround: unknown

Given the sensitive nature of the information kept in SonarCloud our organisation requires logs to be ingested into a Security Information and Event Management (SIEM) system

Is there a way to view/export/forward system logs and access logs from a SonarCloud Organisation?

If not, is this a feature that sonarsource would consider?

Fabrice_Bellingard · May 26, 2020, 4:03pm

Hi Warner,

there is no way to view/export/forward system and access logs from a SonarCloud Organization into a SIEM system.

Such a feature is not in our radar. Given that it is the first time we’ve got such a request, I don’t think this is something we’ll consider for now. Obviously, this might change in the future if we get more and more requests about this!

warner-godfrey · May 26, 2020, 11:19pm

Thanks for your response @Fabrice_Bellingard,

Unfortunately this will be a problem for us adopting a SaaS solution. It will be an unacceptable security risk if we cannot audit system access in the event of a user’s credentials being compromised. I understand that no-one else has asked for such a request, however as a consultant working across many enterprises, this will be a show stopper.