Out of the box, SonarQube comes with a complete mechanism to manage security (authentication + authorization). Configuring security allows you to cover two main use cases:
Manage access rights to components, information, etc.
Enable customization (notifications, etc.) of SonarQube for users
Here are examples of security restrictions you can enforce by configuring security in SonarQube:
Secure a SonarQube instance by forcing authentication prior to accessing any page
Make a given project invisible to anonymous users
Restrict access to a project to a given group of users
Restrict access to a project's source code to a given set of users
Define who can administer a project (setting exclusion patterns, tuning plugins configuration for that project, etc.)
Define who can administer a SonarQube instance
Authentication and authorization can also be delegated to an external system:
LDAP or Active Directory - LDAP Integration
Crowd - SonarQube Crowd Plugin
GitHub - GitHub Authentication Plugin
Bitbucket - Bitbucket Authentication Plugin
Third-party proxies in front of the server via HTTP headers.
Another aspect of security is the encryption of settings such as passwords. SonarQube provides a built-in mechanism to encrypt settings.