Enable SonarCloud through GitHub Actions with a different identity

What are you trying to accomplish?
Enable SonarCloud through GitHub Actions with a different identity, perhaps a short-lived identity instead of a long-lived secret confined to a single account.

Why does this matter to you?
This is important to us, as long-lived secrets are inherently insecure, and secrets tied to one individual account make management difficult when that individual is unavailable.

How would that look in SonarCloud? Alternatives?
I do not see any alternatives in SonarCloud today; enabling SonarCloud via GitHub Actions provides one way, that is, by creating secrets in the GitHub repository.

How would we know it works well?
Short-lived identities are a standard practice in the cloud native ecosystem; this enables better identity management for users, and revocation isn't a hassle when the identity is short-lived in the first place.

Why should it be a priority now?
I think this is a primary capability in terms of security in the cloud native world. Considering P0 is the utmost priority, this sure falls as a P1.

Make sure to check out our product roadmap as well, to see if your need is already being considered.

Hello Raga,

Thank you for your insight.

The need to use short-lived identities instead of secrets to connect to GitHub Actions is under consideration for the future.

Please follow this card for more news on the topic.

Thank you.
