Sonar API token configuration

Hello,

We are trying to understand the recommended way of configuring an API token for analyzing code.

We bound our Bitbucket organization in SonarCloud and we have many projects (each project belongs to a development team, and developers can also access their projects). Now we are wondering how to set up a user and get its API token:

1. Create one service account in Bitbucket which has access to all repositories, add that service account as a SonarCloud member, create one API token for each team and pass the API token to the developers.

2. Create n Bitbucket service accounts for n projects, where each service account only has access to the repositories of one project.

Hi!

Can you please clarify your use case, and what API token you mean?

I’m not 100% sure what you mean by that. You have logged on to SonarCloud, and with that user you imported an organization and projects. What “API token” are you referring to, and for what purpose?

Hello Janos,

Sonar login API token to access sonarcloud.

Thank you,
Yamini.K

Hi @yamini,

It may depend on your company configuration, but generally we recommend that a dedicated technical user has the analysis permission.

To do that:

  • Create a technical user on the Bitbucket Cloud side who would be a member of the repositories
  • Add this technical user as a member of the SonarCloud projects, and give this user the “Execute Analysis” permission in the org Administration > Permissions; other users should not have this permission
  • Generate a token for this user
  • Use this token for the analysis of the SonarCloud projects.
    You may want to use a secret manager to be able to reuse this token.

This way, if you need to revoke your token, you can do it once on SonarCloud.

Hope it’s clear.

Cheers
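As an added example that is not part of the thread, here is a POSIX shell wrapper for the last two steps of the recommended setup: the technical user's token is injected by the CI secret store as the SONAR_TOKEN environment variable (assumption: a SonarScanner CLI release that reads SONAR_TOKEN from the environment), and the wrapper refuses to put the token on the command line. The organization and project keys are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread: a CI wrapper that runs the analysis as the
# dedicated technical user. The CI secret store injects that user's token as the
# SONAR_TOKEN environment variable (assumption: a SonarScanner CLI release that
# reads SONAR_TOKEN); org and project key are placeholders passed by the caller.

SONAR_HOST_URL="${SONAR_HOST_URL:-https://sonarcloud.io}"

# Fail fast when the secret store did not inject the token; never echo its value.
require_token() {
  if [ -z "${SONAR_TOKEN:-}" ]; then
    echo "SONAR_TOKEN is not set: inject the technical user's token from the secret manager" >&2
    return 1
  fi
}

# Scanner arguments with the token deliberately left out: the scanner takes it from
# the environment, so it never shows up in `ps`, CI logs or `set -x` traces.
scanner_args() {
  printf '%s\n' \
    "-Dsonar.host.url=$SONAR_HOST_URL" \
    "-Dsonar.organization=$1" \
    "-Dsonar.projectKey=$2"
}

# Returns 0 (leak) if any argument carries the secret on the command line, either as
# -Dsonar.token= / -Dsonar.login= or as the raw token value itself.
args_leak_token() {
  if [ -n "${SONAR_TOKEN:-}" ]; then
    printf '%s\n' "$@" | grep -qF -e '-Dsonar.token=' -e '-Dsonar.login=' -e "$SONAR_TOKEN"
  else
    printf '%s\n' "$@" | grep -qF -e '-Dsonar.token=' -e '-Dsonar.login='
  fi
}

# Usage: run_analysis <organization-key> <project-key>
run_analysis() {
  require_token || return 1
  # shellcheck disable=SC2046  # scanner_args emits one plain argument per line
  if args_leak_token $(scanner_args "$1" "$2"); then
    echo "refusing to run: the token would be exposed on the command line" >&2
    return 1
  fi
  sonar-scanner $(scanner_args "$1" "$2")
}
```

Revoking the token once on SonarCloud, as the answer notes, then only requires rotating the single secret in the CI store; no pipeline definition has to change.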