Is there a way to generate a token that can be used by the CI that’s not tied to a specific account? Our use case is that we are using the SonarQube Scanner plugin for Jenkins and connecting it to SonarCloud. This works fine as long as we use the same token for each project, but currently that token is attached to a single user account, which means that user has to create each project individually. This is becoming time-consuming, and we would like other users to be able to create their own projects in sonarcloud for use with Jenkins.
I see your problem, and currently there is no solution other than creating a dedicated “bot” account for which you will generate a token.
Is there anything the pipeline? Can I make a feature request?
Before answering further, can you clarify:
- where your sources are hosted
- what type of code you want to analyze
OK, except for Java (and Groovy that is not supported), you might want to try the Automatic Analysis feature we are developing. This is the future, and this removes the need for you to manage tokens. I’d be happy to hear what you think about this!
Hi, same request from our side. We would like to start using SonarCloud. As a company, we use Azure AD. We also use Azure DevOps (VSTS), and want to implement the connection using the Sonarcloud extension.
For the extension to work, a token is needed. Currently our Azure AD is only used for people related accounts, no technical / system accounts (company has 3500+ ppl).
What we prefer to do is have a specific token that can only execute the analysis. But most people in our organization will have more authorization than just analysis.
Please make it a feature to allow a token that can only be used for the analysis. E.g. why not have a token, pure for analysis, that can be maintained/created by the admins?
Welcome Richard on this forum.
Having tokens dedicated to analysis definitely makes sense. It has just been added to our development roadmap. More details to come soon!