Badges on private projects

Is this feature scheduled for work sometime soon? It seems like an excruciatingly simple task with a big payoff.

12 Likes

Hi,

It’s not.

I know on the face of it, this does seem simple, but to show a badge, we have to expose a measure. On a project where “Anyone” isn’t allowed to see measures. So… the fun part is exposing only the measure you want to show up in your badge, without exposing all measures, and at the same time not requiring you to pass an auth token in your badge request. Why not just use an auth token? Because currently auth-tokens have all privileges of their source-users, so we really don’t want to put them out there in the wild.

Hope this makes sense.

 
Ann

2 Likes

It seems to me that by pre-building badges and caching them after analysis is complete would be pretty straightforward without needing to expose anything other than the badges you’ve asked to generate. I’m obviously not familiar with the architecture of sonarcloud, but you guys are the only ones not doing it out of all the packages I’ve tried.

UP vote for this feature request.
How about, export the badges for private repos into a parallel storage and provide API for that, if the private repo choose to do so.

+1 upvote

Hi all,

Just discovered this topic.

My company developed a badge feature, I believe similar to what you are asking for, which is part of an Atlassian App (SonarQube Connector for Confluence)

Maybe it is not ideal for the problematic you were bringing to the community, but if you are Confluence and SonarQube users, our SonarQube Connector for Confluence may be helpful for you.

Here is the link: https://marketplace.atlassian.com/apps/1218460/sonarqube-connector-for-confluence?hosting=server&tab=overview

If anyone has any questions, do not hesitate in reaching me out.

Cheers
Andrea

+1 upvote

Badges for private projects already worked with the QualInsight/qualinsight-plugins-sonarqube-badges.

+1 upvote

Could you please share the details how to get badges for private project? I’m ok passing sonar API token to the web request but that doesn’t work either. Here is the request I expect should work but it doesn’t not:

curl -u MY_TOKEN: https://sonarcloud.io/api/project_badges/measure?project=MY_PROJECT_KEY&metric=bugs

+1 upvote.

I’m leading the introduction of SonarCloud into our organization. People are asking for badges. Would be nice to have this.

+1 upvote

+1 upvote

+1 up vote

Nope. Development of this plugin stopped 3 years ago and in not compatible with latest SonarQube, e.g 7.9 or later. Now I try to adapt it to new versions, but faced with authorization. I think this is the only thing that separates me from the working plugin so far.

+1 up vote

+1 up vote.

My team is introducing SonarQube for code quality and coverage reporting as part of build pipeline to all projects in organization. Badges are very important for giving a constant feedback to development team as they are more likely to see this info in Git repo than specifically checking Sonarqube. Without this the impact of having these metrics available is less and thus the value of SonarQube itself.

1 Like

+1
SonarCloud is falling a bit behind all other services that already provide this. =/

Why cant “Anyone” see all measures? Its not sensitive information. As long as the source code isn’t leaked who cares if metrics are public?. I’m not seeing a need for military grade security here.

In any case, generating a token for badges is trivial. Every programing language has access to a random number generator which is secure enough for badges. It just needs to be stored in a database and checked on GET requests for the badge. The changes should be less than 10 lines of code.

I think you’re over-thinking this

We’ve resurrected the related ticket (MMF-1178) and it’s now in our short-term roadmap. I can’t give an ETA though.

1 Like

FYI, sprint is in progress :rocket:

2 Likes