By default anonymous access to Sonar is enabled, as well as anonymous access to projects. Minimal effort to disable anonymous access to Sonar, is as follows:
Option 1: Require a user to login when accessing Sonar.
For this go to “Configuration” -> “General Settings” -> “Security”, and set “Force authentication user” to true.
Option 2: Set access for projects.
Default for new projects, access is also set to “Anyone”, this can be disabled via “Configuration” -> “Project Roles”. Now you can set the “Default Roles for New Projects” and “Projects”.