SonarLint Version: 1.15.0
SonarQube Version: 22.214.171.124237 Community
Steps to reproduce:
- Setup connectedMode.project with project key
- Setup connectedMode.connections.sonarqube with server url and token
- Update project binding
- Note that configuration above are all done in workspace settings.json
- Error: No SonarQube/SonarCloud connections defined for your binding
- Replicate steps above in user’s settings.json then it worked like a charm
Expected Behavior: SonarLint extension should be able to read the workspace level, settings.json
Reason: It is more relevant as in the scanning was meant to be done throughout the whole workspace
We have chosen to read
connectedMode.connections.sonarqube setting only from the user settings, in order to discourage people to store credentials in their SCM. Workspace/project settings are intended to be shared between teamates. The SonarQube token is your personal user token, and should usually be defined once and for all your projects/workspaces.
Does it make sense?
We would like to minimize the effort on developer to further configure it as in generate their own token and put into their own workspace. The ideal solution might be a group token on workspace level but remain the token on user level(scenario where you mentioned) and token defined in user level over take precedence on workspace level.
What do you think?
What do you mean by “group token”? A token shared by all your developers?
Correct. Sorry for misleading word, “group token”.
Sharing the same token between developers is not a practice we want to encourage, especially because it is currently not possible to restrict tokens permissions.
Also we will soon add to VSCode the ability to raise developer notifications, and this feature only make sense if each developer is using a personal account.