Share sonar configuration for public GitHub project

Hello,

I’m thinking about using sonar for a public Java project on GitHub. I’d like to make some customizations to the rules and have those apply to both SonarCloud and SonarLint IDE plugins (vscode, intellij, eclipse) for anyone who might want to contribute to the project. From what I can see there are 2 options to share customizations:

  1. Check the customizations into git sonar-project.properties file. This works for SonarCloud, but SonarLint doesn’t pick up on that
  2. Make the customizations in SonarCloud and use “connected mode” to link SonarLint to the project. This requires anyone who wants to use the settings be a member of the organization, so won’t work for new contributors.

Both of these look like dead-ends. Am I missing something or is there another way to accomplish what I’m trying to do?

Thank you

Hello, @msbarry and welcome to the community!
The current idea is to use a server to sync settings across multiple SonarLint instances. So basically yes, you need SonarQube or SonarCloud to do what you want. Since you don’t want to add people to the organisation on SonarCloud, I can suggest, as a workaround, setting up a SonarQube instance and sharing settings by connecting to it.
Thank you for your feedback. We will discuss it internally and hopefully find a solution for such a use case.

Kirill,

Thanks for getting back to me. Another issue I ran into is not being able to run sonar cloud analysis against pull requests from new contributors to the project since SONAR_TOKEN was stored as a secret only available when a member of the organization initiates the pull request action.

The least bad solution to both of these problems appears to be to create a “machine user” github account with minimal/read-only access to github and sonar resources, generate a sonar cloud API token from that user, and use it for CI and for anonymous contributors to sync local sonarlint settings to cloud. I would be interested to hear if there’s a better way than this to achieve similar goals. Ideally there would be a read-only way to sync settings and execute analysis on branches for a public project without sharing API tokens.

Thanks
Mike

Hello @msbarry,

We try to keep threads on the community forum very focused on the specific problem, to make life easier for future readers. So would you mind creating a separate topic for this other issue? Your feedback is valuable and it would be great to keep it structured.