Certain misconfigured instances of SonarQube, an on-premise product for analyzing code quality and security, were exposed to unauthorized access, allowing a user to collect snapshots of non-open-source code. The issue arose because these instances were accessible online without proper configuration. SonarSource has provided guidance on securing a SonarQube instance, including setting up 'Force user authentication' and considering project visibility settings. Although there is no software vulnerability in SonarQube itself, improvements have been made to guide users through the necessary settings for new instances, limiting the use of default credentials and enforcing authenticated access.
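The two settings named in that guidance can be audited together. The following is an added example, not SonarSource code: it assumes the JSON shapes returned by SonarQube's `api/settings/values` and `api/projects/search` Web API endpoints, and the sample responses, project keys and allowlist are constructed for illustration.

```python
import json

# Constructed sample responses (not captured from a real server). Shapes are
# assumed to match api/settings/values and api/projects/search.
SETTINGS = json.loads(
    '{"settings": [{"key": "sonar.forceAuthentication", "value": "false"}]}'
)
PROJECTS = json.loads("""{"components": [
  {"key": "billing-core", "name": "Billing Core", "visibility": "public"},
  {"key": "docs-site", "name": "Docs Site", "visibility": "public"},
  {"key": "hr-portal", "name": "HR Portal", "visibility": "private"}
]}""")

# Hypothetical allowlist: projects the organisation has decided may be public.
INTENTIONALLY_PUBLIC = {"docs-site"}


def force_auth_enabled(settings_doc):
    """Return True only if sonar.forceAuthentication is explicitly 'true'."""
    for setting in settings_doc.get("settings", []):
        if setting.get("key") == "sonar.forceAuthentication":
            return str(setting.get("value", "")).strip().lower() == "true"
    # Assumption: a missing value is treated as "not enforced" (fail closed).
    return False


def audit(settings_doc, projects_doc, allowlist=frozenset()):
    """Return (severity, target, message) findings for one instance."""
    findings = []
    forced = force_auth_enabled(settings_doc)
    if not forced:
        findings.append(("HIGH", "instance", "Force user authentication is off"))
    for project in projects_doc.get("components", []):
        key = project.get("key")
        if project.get("visibility") == "public" and key not in allowlist:
            # Without forced authentication a public project is readable
            # anonymously; with it, any logged-in user can still read it.
            severity = "MEDIUM" if forced else "HIGH"
            findings.append((severity, key, "project visibility is public"))
    return findings


if __name__ == "__main__":
    for severity, target, message in audit(SETTINGS, PROJECTS, INTENTIONALLY_PUBLIC):
        print(f"[{severity}] {target}: {message}")
```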