How can I keep users of the VSTS plug-in from picking my personal organization?

vsts

(Jeroen Vos) #1

As the title suggests, currently there seems to be no way to generate an organization-specific token. This means that whoever creates the SonarCloud service connection with his/her token exposes their personal organization to having projects created in it by the plug-in. This is mostly a problem because projects sent there (by mistake) are open to the public.

How can I keep my users from selecting the personal organization?


(Jeroen Vos) #2

OK, so I’ve at least found a way to make it a bit less painful if they do select the personal organization. I’ve removed my own rights to create new projects and perform analysis in this organization. This does not mean that the organization is not visible in the list anymore, but it should keep us from accidentally publishing source code in the open.