SonarCloud -> ADO PAT


We are using Azure DevOps and SonarCloud integration.
All is working fine for us at the moment.

As per Driving continuous quality of your code with SonarCloud | Azure DevOps Hands-on-Labs

we are looking to setup a ‘bot’ user.
Using a PAT issued for this user fails with:
The token doesn’t have the required permissions (Code: Read & Write)
We do have AAD conditional policy enabled and I see it is an issue with other users.

Is there a known workaround for that?

Works all fine if I’d use my own account, but that does fill weird for all PR of the company.


Hey there.

Is the policy somehow applied specifically to your bot user, or not applied to your own user?

That is a very good point, but as far as I am aware the policy is applied to all AD users.

Also, other ADO users tried using their PAT, still the same error.

Only difference is that my user is Admin on ADO, while others would have a bit more limited access.

Is it possible that SC checks access to each repo, while setting up the PAT for ADO?

Hey there.

I’ve taken a look, and it should just be checking this URL:

Can you try querying this URL (using your own org name) with something like curl providing the token that you provide to SonarCloud?

That’s a very good point.

I’ve tested it, even from a different network. Got the list of projects on our ADO instance, using the very same PAT token SC rejects.

I’ve sent you a private message to get private details like SonarCloud your organization key.