Security token that is not tied to the user but to organisation


I am analysing repos from an open source project using SonarCloud. All repos have analysis done via Github actions. For this, the token used is user token (my account->security).

Question is simple: what happens to these integrations if I leave the org. Or I close my account from SonarCloud as the tokens are attached to user and not organisation.

Will it make any difference if I have another person as admin on the organisation?

Hi @dhavaltdesai, welcome to the community forum.

If you leave the organization or close your account, your token will be invalidated and analysis will fail.

Tokens are always linked to an account, but it does not have to be an account of some real person.
You can create a technical account on GitHub, managed by a group of people in your organization.

Then, you can log in on SonarCloud with that account to create it on the SonarCloud side, give it the required permissions on your organizations and projects, and generate tokens associated with the technical account.

This way, if you leave the organization, the other administrators will just have to remove you from the list of admins, but it won’t break the builds.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.