Integration with Azure DevOps stops workings


We are using SonarCloud and the integration with Azure DevOps portal. We set the Personal Access Token in the Integration with Azure DevOps Services section of the settings to allow SonarCloud interact with Azure Devops. We have set the token’s expiration date to be far in the future and it is not being regenerated or revoked.

Once we set it up it works for few days (analyses the code on PR) but after few days it stops working and we have to re-enter the same token on SonarCloud settings page to make it work again. We have quite a few project and it is very annoying because it happens very often.


When you say “it’s stops working”, what kind of error do you have to assume that it’s related to the PAT ?




the status of the quality gate sonar cloud task when it is run by AzureDevops on PR is grayed out so it suggests that the sonarcloud cannot access the Azure DevOps. Also it starts working again when I re-enter the code in the SonarCloud settings

Could you post a screenshot of the grayed out quality status, so that i’m sure of what you are talking about ?




Other questions :

  • Do you have a “Publish Quality Gate result” task in your build ? If yes, does it work ? Do you have the quality gate in the summary of the build just executed ?
  • Do you have any warning on SonarCloud’s side ? When you go on the “Background tasks” under administration of your project, does all of them succeeded ?


I have, and everything is working fine when I set it up (the sonarcloud is adding comments to PR and blocking the merge if for example the coverage is not sufficient…). But then, as I mentioned, occasionally it stops working and I have to update the key (usually just pasting again the same key is enough).
There are only Success messages in background tasks, nothing failed or cancelled.

Do you have any timestamp of when you observe this behavior so we can try to check the logs on our side ?


I don’t have the exact time, the last time we had this problem was last Wednesday. I can let you know when it occur again

1 Like

Have you tried waiting few minutes between the end of the PR build and the check of the status ?

yes, it is not that. you have to check in the code why would re-entering same DevOps key in SonarCloud fix the issue (even if the key has the expiration time far in the future)

Hi @newsign

Sorry to ask again, but I would like to be sure to understand your issue. You have generated a token on Azure side, and set it in SonarCloud settings here:

It works for a while, but after some time, you have to re-enter the same token. Am I correct?

Here is what you could investigate: Is the token somehow cleared/altered on SonarCloud side? This can be easily checked using web API to query the parameter unobfuscated value:<your project key>&keys=sonar.pullrequest.vsts.token.secured
(you need admin permission on the project)

Also in background tasks, even if the task is successful, you may have some interesting warnings:

Yes, you are correct.
Thanks, next time we encounter this issue I will try to use this url to check the token.

I checked the warning messages, I am not sure was that at the time of the issue, but on some runs we get “Pull request decoration failed because the token specified in the settings does not have sufficient rights. Please check the permissions of this token.”. We haven’t change any permissions for the token in the meantime so not sure why would that occur.

Hi, Thanks.

We created a ticket internally as it appears that multiple people face this issue.

Investigating on it, we will let you know.


For troubleshooting and trying to reproduce this issue on my side, can you please provide

  • the setup you have on the Status Policy for SonarCloud/ quality gate

  • Do you have multiple status policies within the branch ?
  • What is the scope of the PAT that is recorded on SonarCloud ?

Thanks !


Any update on your side ? Do you still face the issue ?



The setup is exactly the same as in your screenshot, we don’t have multiple status policies within the branch, scope is read & write for Code and Read for Packaging