SonarQube 9.5 is getting project-scoped, analysis-only tokens (https://portal.productboard.com/sonarsource/3-sonarqube/c/321-tokens-permission-is-narrowed-to-the-analysis-scope), which is great because it is something our security team flags as part of our regular audits on tools: that the Sonar API tokens can’t be scoped appropriately. I submitted this as critical for us in feedback for SonarCloud before I saw the Jira issue / product board entry for SonarQube.
Knowing (or at least assuming from past posts on this forum) that SonarCloud uses a different codebase, I’d like to ask if this feature is coming soon to SonarCloud too, as it would make my security team very happy.