Summary
When configuring DevOps Platform Integrations with GitLab in SonarQube Developer Edition, the “Check configuration” button reports success even if the provided GitLab token lacks API access. Because API access is required for posting Quality Gate statuses to merge requests, the current validation is misleading.
Problem
- A GitLab token without API access is accepted as “valid” by “Check configuration”.
- Administrators are then puzzled why Quality Gate results never appear on MRs.
- This increases troubleshooting time and leads to misconfiguration in production.
Proposed Solution
Enhance “Check configuration” to verify that the supplied GitLab token includes the minimum required scopes/permissions for Quality Gate status reporting. If missing, surface a clear error or warning that lists the required scopes.
Steps to Reproduce (current behavior)
- Administration → DevOps Platform Integrations → GitLab.
- Enter a GitLab personal access token without API access.
- Click “Check configuration”.
- Result: Validation passes; no Quality Gate statuses are posted to MRs.
Impact
Misleading validation increases configuration time and delays adoption of MR status reporting.
