...

Permissions can be granted to groups or to individual users. By default policy, all projects are public: anyone, meaning any active Geant project participant who is logged in, can browse and see the source code.

Project Policies

Project creation

  • Projects are created by development teams or people responsible for quality management on request.

  • The CI triggers project creation: when the CI starts for the first time, it creates a matching project in SonarQube. The default name of the project in SonarQube is the repository's name in Gitlab (it would be the same as Github).
  • The user creates his personal token in SonarQube and configures it in the CI to authorize the job to connect to SonarQube. The token will be stored as a masked variable in Gitlab (the user needs to decide whether to store the token at the project or group level).

The CI makes use of the following Docker image: https://hub.docker.com/r/sonarsource/sonar-scanner-cli (other images are available and can be tested). The scanner itself is documented here: https://docs.sonarqube.org/latest/analyzing-source-code/scanners/sonarscanner/
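The project-creation flow above, as an added example of a GitLab CI job (not configuration from the Geant instance or from SonarSource): the scanner reads `SONAR_HOST_URL` and `SONAR_TOKEN` from the environment, so both are defined as masked, protected CI/CD variables at project or group level and never appear in the repository. The job name, the `test` stage and the optional `SONAR_PROJECT_KEY` variable are assumptions; without it the project key falls back to the GitLab project name, matching the default described above.

```yaml
# .gitlab-ci.yml (added example, not the page's own configuration)
sonarqube-check:
  stage: test
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]          # run our script instead of the image's default
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"   # scanner cache inside the workspace
    GIT_DEPTH: "0"            # full history so SonarQube can attribute new code correctly
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    # Fail early and loudly if the masked token was not configured for this
    # project/group, rather than letting the scanner error out on a 401.
    - test -n "$SONAR_TOKEN" || { echo "SONAR_TOKEN is not set: add it as a masked CI/CD variable"; exit 1; }
    - test -n "$SONAR_HOST_URL" || { echo "SONAR_HOST_URL is not set"; exit 1; }
    # SONAR_PROJECT_KEY is an assumed optional variable; default to the repo name.
    - sonar-scanner -Dsonar.projectKey="${SONAR_PROJECT_KEY:-$CI_PROJECT_NAME}"
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
```

Marking the variable as protected restricts it to protected branches and tags, so a token stored at group level is not exposed to jobs running on arbitrary feature branches.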

Other kinds of integration are documented here: https://docs.sonarqube.org/latest/analyzing-source-code/ci-integration/overview/

Project deletion

Projects that have not been analyzed in the last 18 months will be automatically deleted without prior notice, unless the development or QA team needs to keep a specific project.

...

The Geant SonarQube instance runs on the Developer Edition, which does not allow enforcing token policies such as expiration dates or token types. To ensure the security and proper management of tokens:

  • Tokens that have not been used for over 12 months will be automatically revoked without prior notice.
  • Users are responsible for managing their personal tokens, i.e. they should check them regularly and remove the ones that are no longer in use.
  • When a project is discontinued or no longer needs SonarQube, the associated token should be removed immediately to prevent unauthorized access.

User Deletion Policy

The Geant SonarQube instance implements a user retention policy to ensure security and efficient account management. To prevent the accumulation of inactive accounts:

  • Users who have not logged in for over 2 years can be deleted without prior notice.
  • It is the responsibility of users to maintain active access if they wish to retain their accounts.
  • When a user account is deleted, all associated personal tokens and project permissions will be permanently removed.
  • If a deleted user needs access again, they can re-register via sign-in with their federated account by SSO, and they need to request permission from an administrator.
  • Project owners should ensure critical project permissions are not solely assigned to inactive users, to prevent disruptions.