By default anonymous access to Sonar is enabled, as well as anonymous access to projects. Minimal effort to disable anonymous access to Sonar, is as follows:
Option 2: Set access for projects.
Default for new projects, access is also set to “Anyone”, this can be disabled via “Configuration” -> “Project Roles”. Now you can set the “Default Roles for New Projects” and “Projects”.