You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Permissions

Permissions can be granted to groups or individual users. By default policy all projects are public. Anyone active Geant project participants logged user can browse and see the source code.

Project Policies

Project creation

Projects are created by development teams or people responsible for quality management on request.

Project creation is triggered by the CI: when the CI starts for the first time, it creates a matching project in SonarQube. The default name of the project in SonarQube is the name of the repository in Gitlab (it would be the same with Github).

The user creates his personal token in SonarQube and cofigures it in the CI, to authorize the job to connect to SonarQube. The token will be stored as a masked variable in Gitlab (the user needs to decide whether to store the token at project level, or the group level).

The CI makes use of the following Docker image: https://hub.docker.com/r/sonarsource/sonar-scanner-cli (there are other images available that can be tested) which is documented here: https://docs.sonarqube.org/latest/analyzing-source-code/scanners/sonarscanner/

Integrations of other kind are documented here: https://docs.sonarqube.org/latest/analyzing-source-code/ci-integration/overview/

Project deletion

Projects that have not been analyzed in the last 18 months will be automatically deleted without prior notice, unless the development or QA team needs to keep a specific project.

Token Management Policy

The Geant SonarQube instance runs on the Developer Edition, which does not allow the enforcement of token policies such as expiration dates or token types. To ensure security and proper management of tokens:

  • Tokens that have not been used for more than 12 months will be automatically revoked without prior notice.
  • Users are responsible for managing their personal tokens, i.e. they should check them regularly and remove the ones that are no longer in use.
  • When a project is discontinued or it does not need SonarQube anymore, the associated token should be removed immediately to prevent unauthorized access.

User Deletion Policy

The Geant SonarQube instance implements a user retention policy to ensure security and efficient account management. To prevent the accumulation of inactive accounts:

  • Users who have not logged in for more than 2 years can be deleted without prior notice.

  • It is the responsibility of users to maintain active access if they wish to retain their account.

  • When a user account is deleted, all associated personal tokens and project permissions will be permanently removed.

  • If a deleted user needs access again, they can re-register via sing in with their federated account by SSO and they need to request the necessary permissions from an administrator.

  • Project owners should ensure that critical project permissions are not solely assigned to inactive users to prevent disruptions.

  • No labels