I’m currently working on integrating SonarQube with Azure DevOps, and I’m wondering if anyone has experience configuring it to work with a read-only access token? Our security policy restricts us from granting write access, so we’re hoping to limit permissions to just what’s necessary.
Has anyone successfully set this up, or are there any known limitations or workarounds? Any insights or advice would be greatly appreciated!
We are using SonarQube Version 9.9 (build 65466) on premise.
SonarQube needs an appropriately scoped token (with read/write permissions) in order to decorate Pull Requests (with comments, and with a status check indicating whether or not the Quality Gate succeeded). These are key features of the Developer Edition of SonarQube.
That does not answer my question.
I asked specifically not to have a token with a write permission.
Secondly, I wrote “we are using SonarQube Version 9.9 (build 65466) on premise”.
You can configure a read-only token (we don’t check the permissions in SonarQube v9.9), but you won’t be able to decorate pull requests in Azure DevOps, a key feature of Developer Edition. We can’t decorate pull requests with a read-only token because… commenting on a pull request isn’t a read-only action. It is a write action.