Service accounts in SonarCloud

vittoriocanilli · November 22, 2022, 4:03pm

Hello,
we are planning to migrate our self-hosted SonarQube instance to SonarCloud.

In our old SonarQube instance we are creating service accounts to execute the analysis from the CI/CD systems (Jenkins, Azure DevOps), while personal accounts are used by the developers only for local development with SonarLint. In these way the service accounts tokens are saved as secrets in the CI/CD systems and the personal access tokens are stored in the developers’ computers only.

We have set up SonarCloud with the Azure DevOps authentication and we can only create personal accounts. I could not find a way to create service accounts, which are not bound to a personal account in Azure DevOps.

Is there actually a way to create service accounts in SonarCloud? Thanks in advance.

Sylvain_Combe · November 24, 2022, 8:45am

Hi @vittoriocanilli
there is no local account on SonarCloud, every user account must be bound to an AzDO account of your organization.
You may promote the idea for a future addition on the SonarCloud roadmap portal.

On SonarQube, we now have analysis tokens (projects bound, or global) in addition to the standard user tokens, they may be a different answer to the same use case?

vittoriocanilli · November 24, 2022, 10:20am

Hi @Sylvain_Combe,

thanks for your reply. I have never see these analysis tokens on SonarQube. Are they available in the Community Edition as well? Anyway they are not to be found on SonarCloud, as far as I can understand.

Sylvain_Combe · November 24, 2022, 10:33am

Hi @vittoriocanilli
Tokens permission is narrowed to the analysis scope was implemented, and announced, with SonarQube 9.5.

Indeed, they are not available on SonarCloud. If you need these analysis tokens, you should mark your interest in the feature on the SonarCloud roadmap portal. To me, these tokens are a more likely addition to SonarCloud than local accounts.

vittoriocanilli · November 24, 2022, 10:44am

Hi @Sylvain_Combe,

thanks for the clarification! I can not find the request for the analysis tokens as feature on the SonarCloud roadmap portal’s link that you sent on your previous message: can you send me the correct link, if the feature request exists? Otherwise, should I create the request myself?

Thanks in advance.

Sylvain_Combe · November 24, 2022, 10:47am

You can promote any feature addition with the Submit idea button on the top right corner of the roadmap portal.

vittoriocanilli · November 24, 2022, 11:10am

Hi @Sylvain_Combe,

thanks for the clarification! I will take care of that!

vittoriocanilli · November 30, 2022, 3:04pm

Hi @Sylvain_Combe,

I was about to submit a new idea, but I have found this one for api tokens: is it actually the same as the analysis tokens?

Thanks in advance.

Sylvain_Combe · November 30, 2022, 3:56pm

Yes, that’s the one.
I thought I had the link to it in my 2nd post in this thread, but it was not the case, sorry about that.

vittoriocanilli · December 1, 2022, 9:16am

Hi @Sylvain_Combe,

no problem at all and thanks for your quick reply! Here is the feature request that I have contributed to, as future reference: Organization and project API tokens

Topic		Replies	Views
SonarCloud - Azure DevOps - Authentication SonarQube Cloud sonarqube-cloud	1	923	January 10, 2023
Azure DevOps & Service Account Token SonarQube Server / Community Build	3	3026	May 26, 2020
Security concern on user tokens SonarQube Cloud security	4	1933	June 3, 2020
machine/CI user token SonarQube Cloud jenkins , tokens , sonarqube-cloud	9	1881	March 3, 2020
SonarQube Service Accounts SonarQube Server / Community Build	2	1957	October 12, 2021

Service accounts in SonarCloud

Related topics