Does anyone have any information on what rights the SonarQube application should have in the DBMS?
Should the application have full access or only be able to do certain things such as INSERT, ALTER, or UPDATE for example? It seems like a serious logical security issue to have the application have unrestricted access.
Indeed, the application must have access to create, edit, or delete any schema object whatsoever (tables, indexes, triggers, whatever). It does not need system administrator privs.
Our first installation at my work was seriously screwed up because our anal security and database admin teams would not give our application the schema roles it required. Think of problems like poor referential integrity and missing indexes... it wasn't pretty.
If you don't trust the application then install both the app and database in a segregated network, I guess.
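
One way to express what the answer describes (full control over the application's own schema objects, no system administrator privileges), as an added example that is not part of the original thread. It assumes PostgreSQL; the role, database and schema names and the password are placeholders.

```sql
-- Added example, assumes PostgreSQL. All names below are hypothetical.
-- Run as a database administrator, not as the application account.

-- 1. Application login with every cluster-wide privilege switched off.
CREATE ROLE sonarqube
    LOGIN PASSWORD 'REPLACE_ME'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION;

-- 2. Dedicated database that only the application role may connect to.
CREATE DATABASE sonarqube ENCODING 'UTF8';
REVOKE ALL ON DATABASE sonarqube FROM PUBLIC;
GRANT CONNECT ON DATABASE sonarqube TO sonarqube;

-- 3. Run the remaining statements while connected to the sonarqube database.
-- The role owns its schema, so it can create, alter and drop tables,
-- indexes and triggers there, and nowhere else.
CREATE SCHEMA sonar AUTHORIZATION sonarqube;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
ALTER ROLE sonarqube IN DATABASE sonarqube SET search_path = sonar;

-- 4. Check the result: all four role flags should be false,
--    and the schema privilege check should return true.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolreplication
FROM pg_roles
WHERE rolname = 'sonarqube';

SELECT has_schema_privilege('sonarqube', 'sonar', 'CREATE') AS can_create_objects;
```

If the application later reports that it cannot create or alter an object, the missing privilege is at the schema level; widening the role to superuser is not the fix.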