Azure DevOps & Service Account Token

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)?
    SonarQube

  • what are you trying to achieve
    Trying to run SonarQube scan in Azure DevOps pipeline

  • what have you tried so far to achieve this
    Have used a service connection that uses a personal access token.

Hello All,

I’m hoping someone can help me with something I seem to be missing. Our SonarQube server is set up and I am able to run an analysis against my code from my local machine as well as from our Azure DevOps pipeline using a Service Connection I created in Azure DevOps, but it’s using the token I created on the SonarQube server.

Given that my team of developers will all be running this pipeline, we certainly don’t want it running under a personal token. As well, at the end of this project there will be a hand-off, and again we certainly don’t want to be using a personal token.

I tried looking around the SonarQube server to see how to create more like a “service” token but I can’t seem to find it. I’m sure I must simply be missing something obvious as I would be very surprised to only be able to use personal tokens.

Hoping someone will be kind enough to help me find what I’m looking for or help me understand how personal tokens are expected to be used in pipelines being run by multiple developers.

Thanks!

Hi @NHNicole,

So, just so we’re at the same level of information, you have two notions of tokens in SonarQube in the context of Azure DevOps:

  • What we simply call the “token”, which is intended to be used as a login and is managed in the Security section of your account on SonarQube. This token serves to authenticate analyses and other web API calls.
  • The Personal Access Token, which is managed on Azure DevOps (in your profile as well) and is used, with certain scopes, to decorate Pull Requests.

That being said, and given what you said, I suppose that you are referring to the token that is used to run analyses.

What I suggest here is to create an account on Azure, a technical one, which will be dedicated to holding both the token on SonarQube and the PAT on Azure’s side, so that there’s only one place to manage both of them.
As this will be an Azure AD account, you will be able to sign up to SonarCloud with it and give it sufficient privileges to run analyses.

Would that make sense in your context?

HTH,
Mickaël
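For readers looking for the pipeline side of this setup, here is a minimal Azure Pipelines definition that runs the analysis through a service connection. This is an added example, not code from the thread or from SonarSource: the service connection name, project key, project name and task major versions are assumptions to adjust for your organisation. The point it illustrates is that the SonarQube token lives only in the service connection (created under Project Settings > Service connections with the technical account's token), so no credential ever appears in the pipeline YAML or in any developer's profile.

```yaml
# Added example (not from the original thread). Names and task versions below
# are assumptions; the SonarQube token itself is stored in the service
# connection, not here.
trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

steps:
  # Prepare step: references the service connection by name only.
  - task: SonarQubePrepare@5
    inputs:
      SonarQube: 'sonarqube-technical-account'   # assumed service connection name
      scannerMode: 'CLI'
      configMode: 'manual'
      cliProjectKey: 'my-project'                # assumed project key
      cliProjectName: 'My Project'               # assumed project name
      cliSources: '.'

  # Run the analysis using the token carried by the service connection.
  - task: SonarQubeAnalyze@5

  # Wait for the server-side processing and publish the Quality Gate result.
  - task: SonarQubePublish@5
    inputs:
      pollingTimeoutSec: '300'
```

Because the token is tied to the technical account rather than to an individual, rotating it means regenerating it in that account's Security section on SonarQube and updating the one service connection; no pipeline definition changes, and the hand-off at the end of the project is a matter of transferring ownership of the technical account.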

Yes, that would make sense in our context. Thank you very much!
Nicole
