For the Pull Request decoration it asks for a provider and a Token. Is it possible to use the top level token (that connect sonar cloud to Azure Dev Ops) without specifying it in the individual project settings?
The token expires yearly and will be a administrative effort to find and replace on all projects.
If your organization is bound to Azure, all the projects that are bound will benefit from the token set in the organization-level setting. You know that your org/project is bound when you see the Azure logo, next to the name in SonarCloud UI.
If your projects are not bound (manually created, not imported from Azure), there is no way to set the general token that projects could benefit from but binding the unbound projects or enabling migration from unbound to bound is on our roadmap.
your projects are created manually - not imported and selected from the list from Azure but created manually
The second point makes it impossible to use only org level token. Binding unbound projects is on our roadmap and after it is delivered you will not have to update the tokenes separately. If you do not care about the history, you can delete the project and reimport it recommended way (through “+” icon and select from Azure).
I tested creating the project first then pushing the analysis in the pipeline to that project instance and can see the “azure binding” that was missing on other projects and can confirm the PR decorations work without setting a token