Organization Level Setting for Pull Request Provider


I would suggest a Global Setting to change the Pull Request Provider and Personal Access Token.

I didn’t find a way to manage this setting globally so we had to set it on each of our (currently) 120 Projects and when the Personal Access Token runs out (it is only valid for 1 year) we would have to update all 120 Projects.

Is there an automation we could use? How do you suggest we handle this issue?

Greetings Gary

Welcome :slight_smile:

what is your Sonarqube version ?
There should be a global setting here /admin/settings?category=pull_request


We are using Sonarcloud

Missed the sonarcloud tag, sorry.
Automation via web api should be possible, see

Thanks I already spotted the API. So there is no plan to add a global setting in the UI for SonarCloud?

With global, i guess you mean on organization level ?

yes exactly I mean on an organization level.

I just found a StackOverflow post that brought an idea to my mind. Is it possible to set these properties
on each build through the extra properties attribute on Prepare Analysis? This might be great solution for us.

According to this should be possible:

Several properties could be set at analysis time: sonar.pullrequest.provider, sonar.pullrequest.github.repository. As a baby step, we will gather them at project level only. Technical note: similarly to file exclusions, it could be overridden at analysis time. It’d need to be stored in relation to a branch (ex: project_branches database table.).

I just tried it but it didn’t work:

Pull request decoration did not happen because the token is missing. Please set it in the project settings.

Did you set the personal token also ?

yes, I configured it like this:

- task: SonarCloudPrepare@1
    SonarCloud: SonarCloud
    organization: ourOrganisation
    projectKey: ${{ parameters.ProjectFolder }}
    projectName: ${{ parameters.ProjectFolder }}
    projectVersion: '$(CSProjVersion)'
    extraProperties: |
        sonar.pullrequest.provider=Azure DevOps Services

The jira ticket was a bit misleading.
sonar.pullrequest.vsts.token.secured is handled as internal property
see this thread

but maybe it’s possible to set it via web api inside your build.