I follow the documentation on this page to setup analysis of pull requests. However, all that requires API keys, which has to be encrypted, and cannot be decrypted (for security reasons) for pull requests. Therefore, I cannot setup SonarCloud for pull requests.
(Only pull requests that come from the branches on the same fork can potentially work, but I am mainly interested in pull requests from branches on other forks.)
Is there any workaround/solution for such scenarios? i.e., analyze pull requests without being dependent of project-defined/provided API keys.
Sorry for the late response.
Analyzing PR from forked repositories is currently only possible with Autoscan. Unfortunately Autoscan doesn’t support C# so it won’t fit your need.
You can vote/follow this ticket to keep track of progress on this feature.
Hi @benoit, it seems from the ticket that this will allow to analyse PRs from branches in forks for public repositories.
What about private repositories?
It is common for our developers to setup PRs from their forks. Right now these PRs aren’t being analysed, even though they are members of our GitHub organisation.
Is there a ticket for this use case to be covered?