Automatically created PAT in SonarCloud when running the pipeline in Azure DevOps

In Azure Pipelines, when we run a build pipeline that integrates with SonarCloud, it’s common for a personal access token (PAT) to be automatically created. Is this expected behavior?

  1. Can we avoid automatically creating a user PAT?
  2. If it is created, why is it created? Please explain.

Hey there.

That sounds odd. What token do you see being created and where? Screenshots/logs would be helpful here.

  1. Those tokens are automatically created in the SonarCloud account.
  2. Whenever the user runs the pipeline in Azure, tokens are automatically created in his or her SonarCloud account.
  3. If you run the pipeline, the user PAT (access token) is created in your account; if I run the pipeline, the user PAT (access token) is created in my account.

Thanks.

In fact – this isn’t coming from running the pipeline, but from going through the onboarding UI (where the token is generated so it can be used).

It seems annoying that the token is always generated (there’s no option to reuse an existing one) and I’ll flag this for attention.

It’s not created in Jenkins and SonarQube, but why is it created in Azure and SonarCloud?

SonarQube asks you to explicitly generate a token, while SonarCloud generates one as soon as you start the onboarding tutorial for a new project. They are simply not aligned at this stage.

  1. Is there any alternative to avoid the token?
  2. Can we avoid automatically generated tokens with the use of a webhook?

You can’t avoid this token being created when you create the project via the UI. You will have to clean it up (delete it) if you don’t plan on using it.

However, your feedback is well received about the noisy token generation.
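
The cleanup described in the reply above can be scripted. This is an added example, not code from the thread or from SonarSource: it assumes SonarCloud returns the same `api/user_tokens/search` response shape as SonarQube's Web API (`userTokens`, `createdAt`, optional `lastConnectionDate`), and the token names and dates in the sample are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like an api/user_tokens/search response (assumed shape).
SAMPLE_RESPONSE = json.loads("""
{
  "login": "example-user",
  "userTokens": [
    {"name": "onboarding-1", "createdAt": "2023-01-10T09:00:00+0000"},
    {"name": "azure-pipeline", "createdAt": "2023-01-12T09:00:00+0000",
     "lastConnectionDate": "2023-06-01T08:00:00+0000"},
    {"name": "onboarding-2", "createdAt": "2023-06-01T07:30:00+0000"}
  ]
}
""")

TS_FORMAT = "%Y-%m-%dT%H:%M:%S%z"


def unused_tokens(response, now, min_age=timedelta(days=7)):
    """Names of tokens that never authenticated and are at least min_age old.

    A token without lastConnectionDate has never been used. The age guard
    keeps a token generated minutes ago (for example during onboarding that
    is still in progress) off the revocation list.
    """
    stale = []
    for token in response.get("userTokens", []):
        if token.get("lastConnectionDate"):
            continue  # token has been used at least once; keep it
        created = datetime.strptime(token["createdAt"], TS_FORMAT)
        if now - created >= min_age:
            stale.append(token["name"])
    return stale


if __name__ == "__main__":
    now = datetime(2023, 6, 2, tzinfo=timezone.utc)  # fixed for a repeatable run
    for name in unused_tokens(SAMPLE_RESPONSE, now):
        print(f"candidate for revocation: {name}")
```

Revoking a listed token is a separate authenticated call; SonarQube's Web API exposes `api/user_tokens/revoke` with the token name, and its availability on SonarCloud is assumed here.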

  1. Is this expected? Does it happen with every Azure and SonarCloud integration?
  2. Are changes needed on the configuration side in Azure or SonarCloud?

Hello and thank you for your input on this. It’s much appreciated.

Yes, this is “expected” behavior: it happens for every Azure/SonarCloud integration and it’s not a mistake on your side.
As Colin explained, we need to generate a token when you go through the tutorial so we can display it on the UI and make the onboarding smooth for people who are not familiar with this.

However, we believe this can be improved so we don’t stack dozens of tokens if you don’t use them. We’ve added it to our roadmap.

Best regards,