Admin Access Requirements for Integrating SonarCloud with Bitbucket Repositories

Hello, everyone!

I am seeking some answers or advice on integrating SonarCloud with Bitbucket repositories. Once my team does not have administrative rights to our Bitbucket workspace, which appears necessary for the first-time setup and integration. We are considering temporarily granting admin access to a team member for the integration process, then revoking it post-integration while maintaining admin rights on SonarCloud. However, we are unsure if admin access is only required during SonarCloud’s initial setup or if it’s also needed for ongoing operations and maintenance post-integration. Has someone faced this type of block? Do we still need the Sonar account admin user to have full access to the bitbucket repository?
Any insights, documentation references, or similar experiences shared would be greatly appreciated!

Here are the details of our setup:

  • ALM used: Bitbucket Cloud
  • SonarCloud project: Private

Thanks!
Alessandra

Hi Alessandra,

Welcome to the community!

According to the docs, you need to:

grant access to the SonarCloud application to read your Bitbucket Cloud workspace. SonarCloud requests access for:

  • reading your account information.
  • reading your repositories and their pull requests.
  • reading your team membership information.

I’m not sure about the first point beyond the initial setup, but the “repositories and their pull requests” access is needed on an ongoing basis in order to annotate your pull requests with analysis results. And team membership information will be used, I believe, each time a new teammate starts using SonarCloud.

I suggest you have someone you trust to have and retain admin access do the initial setup. From there, the folks on the team can be granted the rights they need in SonarCloud selectively via the UI.

 
HTH,
Ann