Unable to set token from Azure DevOps

From the Azure DevOps prepare task, I set sonar.pullrequest.vsts.token.secured to a working value. However, once the scan is completed, it doesn’t decorate a pull-request.

Looking at the Background Tasks -> Scanner Context, I do see sonar.pullrequest.vsts.token.secured=*******, but Background Tasks -> Show Warnings tells me ‘Pull request decoration did not happen because the token is missing. Please set it in the project settings.’

I expect this to work via Azure DevOps, since I don’t want to set this key via the project settings, as it requires me to set this key for 100+ projects (I can create a task group in Azure DevOps to simplify a lot of work so others don’t have to).

Any idea on how to get this working?


This value needs to be set in the project settings, rather than through an analysis parameter.

If you need to automate this somehow, you might find the POST api/settings/set Web API useful.

You might also want to vote on MMF-1478 to have settings available at the organization level.



Thanks Colin, I already suspected that.

However, from the UI it isn’t really clear: it lists sonar.pullrequest.vsts.token.secured in the project settings, so I suspected this to work.

I’ll take a look at the API approach.

Hi Bas,

Did you ever find a method to automatically set sonar.pullrequest.vsts.token.secured from a pipeline, based on the ephemeral build AccessToken?

I would greatly appreciate any advice on how you solved this.


I wrote a small program that (re)sets the token using the API.

Hi Bas,

I'm trying to post something like https://sonarcloud.io/api/settings/values?component=Sonar.Scanning.Examples&keys=sonar.pullrequest.vsts.token.secured&value=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, but I get an error. Could you post your solution? Regards

Sure, something like this (Python 3, Requests).


Thanks Bas, I'm using Azure DevOps, so I made one with PowerShell, let me show…

```powershell
# $SonarToken: SonarCloud user token, e.g. supplied from a secret pipeline variable
$token = [System.Text.Encoding]::UTF8.GetBytes($SonarToken + ":")
$base64 = [System.Convert]::ToBase64String($token)
$basicAuth = [string]::Format("Basic {0}", $base64)
$headers = @{ Authorization = $basicAuth }

$URL = "https://sonarcloud.io/api/settings/set"
# Azure DevOps exposes Build.Repository.Name to scripts as BUILD_REPOSITORY_NAME
$component = $env:BUILD_REPOSITORY_NAME

# Send the parameters in the POST body so the token value stays out of the URL
$Param = @{ key = "sonar.pullrequest.provider"; value = "Azure DevOps Services"; component = $component }
$Param2 = @{ key = "sonar.pullrequest.vsts.token.secured"; value = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; component = $component }

Invoke-RestMethod -Method Post -Uri $URL -Headers $headers -Body $Param
Invoke-RestMethod -Method Post -Uri $URL -Headers $headers -Body $Param2
```

I will make more improvements to the code, but it works… thanks
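For the 100+ project case raised at the top of the thread, here is an added example (not Bas's program and not code from any poster here) that sets the token on a list of projects through `POST api/settings/set`, sending the secret in the form body instead of the URL. It uses the Python standard library rather than Requests; the environment variable names `SONAR_TOKEN`, `AZURE_DEVOPS_PAT` and `SONAR_PROJECT_KEYS` are assumptions.

```python
import base64
import os
import urllib.error
import urllib.parse
import urllib.request

SET_URL = "https://sonarcloud.io/api/settings/set"
TOKEN_KEY = "sonar.pullrequest.vsts.token.secured"


def build_request(sonar_token, component, key, value):
    """Build the POST; the secret value goes in the form body, not the URL."""
    body = urllib.parse.urlencode(
        {"key": key, "value": value, "component": component}
    ).encode()
    # Basic auth with the SonarCloud token as user name and an empty password.
    basic = base64.b64encode(f"{sonar_token}:".encode()).decode()
    return urllib.request.Request(
        SET_URL, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}"},
    )


def set_token_for_projects(sonar_token, azure_pat, components, send=urllib.request.urlopen):
    """Set the PR-decoration token on each project; return {component: outcome}."""
    results = {}
    for component in components:
        req = build_request(sonar_token, component, TOKEN_KEY, azure_pat)
        try:
            with send(req) as resp:
                results[component] = f"HTTP {resp.status}"
        except urllib.error.HTTPError as err:
            # Record the status only; never echo the request, which holds the secret.
            results[component] = f"failed: HTTP {err.code}"
        except urllib.error.URLError as err:
            results[component] = f"failed: {err.reason}"
    return results


if __name__ == "__main__":
    # Hypothetical variable names; map them from secret pipeline variables.
    outcome = set_token_for_projects(
        os.environ["SONAR_TOKEN"],
        os.environ["AZURE_DEVOPS_PAT"],
        os.environ["SONAR_PROJECT_KEYS"].split(","),
    )
    for component, status in outcome.items():
        print(f"{component}: {status}")
```

One failed project does not stop the run, so the printed summary shows which projects still need the setting.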