SonarLint authentication should match bound server policy


(Jim Kaib) #1

The wizard for binding SonarLint to a SonarQube server includes a step for entering a password/username combination or a security token. Without supplying one or the other you can’t complete the binding to the server. This is more restrictive than what my server enforces, where anyone can view code or submit code for analysis.

Why is SonarLint more restrictive than the server itself? One way or the other, they should match. Either both should require authentication to read issues and rules, or neither should.

And yes, I know I can create a token for a dummy/generic account to get past this, but what a poor solution that would be.