Sonarcloud Service Accounts and Organization setup for an enterprise with multiple workspaces

Hi
I work for an agency that works on many projects for different clients. Depending on the project’s and client’s needs, the repositories for these projects are hosted on different workspaces and services (some on bitbucket, others on github or Azure DevOps and so on).

We would like to introduce Sonarcloud to all of our projects but when trying to set up an account and organization, we came across multiple problems:

  1. It seems not to be possible to create a single account with sonarcloud that connects to multiple different code management systems or workspaces. Is there no possibility to do so? It seems to me as a common situation to use multiple hosing services even in the same organization.

  2. Lots of our clients require us to host the project’s code in their own workspace. This means that we are not administrators of said workspace, only on repository level. I tried to set up an organization for one of these clients but was unable to connect it to the client’s workspace because to only one listed in the drop-down is the bitbucket workspace of the service account we created at bitbucket for this particular purpose. What am I doing wrong? Or is it only possible to connect to a workspace with the account that owns this workspace?

All in all I’m very confused how accounts, organizations, permissions and billing works with sonarcloud and there seems no way to verify if things work as assumed without purchasing a paid plan first. The problem is that I have to show to management how we will set this up and how much it will cost, otherwise there will (obviously) not be any budget granted to purchase sonar.

Can someone give me some insights how accounts and organizations are supposed to be set up with sonarcloud for an enterprise? So far I don’t see this to be possible in a way that works for us.

Thanks in advance!

Hey there.

I’ll try and answer your questions.

  • An organization bounds to a specific organization within a DevOps Platform (Bitbucket, GitHub, Azure DevOps). We know this isn’t ideal for some users. It should be noted that with SonarQube Enterprise Edition and above, it’s possible to connect to multiple instances of multiple DevOps Platforms.
  • Today, there’s no account-level construct in SonarCloud that sits above individual organizations and can handle permissions, billing, etc.
  • We expect administrators of an organization/workspace to setup SonarCloud, as they usually are the ones with the right permissions (to install a GitHub/Bitbucket application, to provision a PAT)

SonarCloud is a great tool, currently well suited for smaller development teams or who don’t have a very complex development tool landscape. We expect to meet the needs of larger or more complex organizations in the future.

Hello Colin

Thanks for your answer! This helps clarifying things.

For us this means that we will not use SonarCloud because of the above described restrictions. On one hand we cannot set it up as required for organisational/process reasons but even more because of security concerns. There is just no reason an external service that does not write anything to the repository/workspace has Admin access or even access to the owner account. This is just not good practice I’ve to say.

So we will look out for alternatives and may consider SonarCloud again at a later point in time when it’s more enterprise ready.

The integration itself does not have admin access – a PAT is proivsioned with scoped permissions (and does integrate with the DevOps platform to the extent it must be able to add Pull Request descriptions, block merges, etc.)

However, for platforms like GitHub (as an example), only an administrator can install an application on a GitHub organization.

I hope this clarifies.