Sonar Cloud PR decoration does not work as expected for unbound projects

Hi Team,
ALM used: Azure devops
CI System used: Azure devops
we have a few unbound projects in our org which we imported manually in the sonar Cloud, so to decorate the PR we gave the PAT token to just one project( in sonar UI see below picture) to test the quality gate metrics first in Ado but it got applied to all of the other unbound projects(where there is no PAT linked in sonar UI) and also when we tried to switch it off it didnt take any effect we need to disable our PAT permissions(read/write) then we could see the quality gate was removed from the PR in Azure devops, and also tried to give this command in our yaml pipelines to make sure the setting is not applied to other projects:sonar.pullrequest.provider=‘’ even this didnt work. why is this happening? why is it applied globally ,when we just set to one project and when disabled still we could see the quality gate status check on the PR’s. Let me know if you need any more details. your response is greatly appreciated. thank you!

Hi,

Welcome to the community!

Do you have a PAT configured at the global level? If you do, it’s automatically going to be used for every project in your organization that doesn’t have something set at the project level.

No, it won’t. You can’t use analysis parameters to reset a property to empty string. It simply doesn’t work.

It’s not clear to me why you don’t want the behavior you’re getting, and I would be interested to understand why you don’t. But it ought to work to configure a garbage value for the PAT the the project level. Expect to get errors, though.

 
HTH,
Ann

Thank you Campbell for the response.
yes PAT is configured globally but these are unbound projects and manually imported, will it automatically apply to the unbound projects too when the projects are initially created? the reason why I am asking is the PR decors are not triggered until I linked the PAT in sonar UI to that only project.
To answer you other question why we dont want this behavior for now is ? we want to test/fix project by project code vulnerabilities. So we wanted to target one project first and then proceed to the other, thought in sonar cloud we would have that flexibility but that doesn’t seem to be the case or is there anyway we can do that project level.
and also why removing the PAT for the project level is not rolling back the quality gate status in ADO? if you think entering a garbage PAT value will fix it why not reverting the changes should fix it?
please let me know, hoping to find some good/feasible solution to this.

Hi,

What exactly do you mean when you say “unbound”? Because if the repository is being decorated with PR analysis results, then that kinda seems “bound” to me.

I still don’t understand why PR decoration is undesirable for you, but okay.

This is not a live connection like a telephone call. Data is posted to ADO asynchronously. Changing your SC configuration is not going to remove the data.

 
Ann

Thanks again Ann.
Unbound project i meant this is not bounded to ADO as shown below:

Bounded project(project name accompanied by the ADO icon):


Unbounded project(no ADO icon)-Imported manaually:
image

My question is simple is there a way we can apply PAT at project level for a single project? which takes the precedence org level pat or project level pat?

Hi,

According to the docs, it seems to be available, altho not advisable:

field under Your Organization > Your Project > Administration > General Settings > Pull Requests > Integration with Azure DevOps Services .

 
Ann