I’m looking for a list of permissions to GitHub Cloud that I need to grant SonarCloud to enable it to perform its many services on the private repos in our organization.
I’m looking for a list like the one Codacy provides:
EXCEPT, I’m hoping it does not include administration:write …
I do NOT want to grant WRITE permission to code (in private repos in our organization).
I understand that I need to be an admin of our GitHub Cloud organization, but I can’t find a definitive list of the permissions I need to grant.
A related question about the SONAR_TOKEN used by GitHub Actions to post coverage to SonarCloud:
That helps. However, I’m more interested in the permissions that need to be granted via GitHub App (or OAuth App).
A lot of services will require an OAuth grant of read:write repo permissions, which I cannot accept.
To avoid surprising dialogs later, I’m looking for a complete list of permissions that need to be granted in order to enable SonarCloud on the private repos in my org on GitHub Cloud.
I’m also interested in whether the generated SONAR_TOKEN is associated with a specific user account.
And for a list of the GitHub permissions needed for personal account integration, which I’ve performed as well.
How can I confirm that an organization on GitHub does not need to grant write permission to its private repo code in order to import a private repo into SonarCloud?
I’m confused. The screenshot I gave you above is literally the interface you get when you set this up.
Are you concerned there will be additional steps? Because when you add your organization from SonarCloud, you’re redirected to GitHub to authorize it there. So this is literally, and verbatim, the GitHub interface. No hidden forms. A pair of radio buttons, a dropdown & Install/Cancel buttons.
Many coverage services have separate permissions involved when authorizing for private repos in an org vs a personal account. This is usually attributed to the limited OAuth scopes defined by GitHub.
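The question of how to confirm what an installed GitHub App can actually do in an organization (and in particular whether it holds write access to repository contents) can be answered from GitHub's own records rather than from the install dialog. The script below is an added example, not part of the original thread and not SonarCloud's or Codacy's code. It reads the response of the real GitHub REST endpoint `GET /orgs/{org}/installations` (which requires an organization admin token) and flags every permission granted at `write` or `admin` level, separating "can push to code" (`contents: write`) from write permissions that only touch pull requests or check runs. The embedded JSON is a constructed sample in the shape GitHub returns; the app slugs and permission sets in it are hypothetical, not SonarCloud's actual grants. The `GH_ORG` and `GH_TOKEN` environment variables are assumed names for the live query.

```python
"""Audit the permissions GitHub Apps hold in an organization.

Added example, not part of the original thread. Uses the real endpoint
GET /orgs/{org}/installations (needs an org admin token). The embedded
sample payload is constructed for illustration and is NOT SonarCloud's
actual permission set.
"""
import json
import os
import urllib.request

# Permission levels that let an app change something rather than just read it.
WRITE_LEVELS = {"write", "admin"}

# Constructed sample in the shape of a /orgs/{org}/installations response.
# App slugs and permissions are hypothetical.
SAMPLE_INSTALLATIONS = {
    "total_count": 2,
    "installations": [
        {
            "id": 1,
            "app_slug": "example-read-only-scanner",
            "repository_selection": "selected",
            "permissions": {
                "contents": "read",
                "metadata": "read",
                "pull_requests": "write",   # can comment on PRs, cannot push
                "checks": "write",          # can publish check runs, cannot push
            },
        },
        {
            "id": 2,
            "app_slug": "example-admin-tool",
            "repository_selection": "all",
            "permissions": {
                "contents": "write",        # can push to repository code
                "administration": "write",  # can change repo settings
                "metadata": "read",
            },
        },
    ],
}


def write_permissions(installation):
    """Return {permission: level} for every write/admin-level grant on one installation."""
    perms = installation.get("permissions", {})
    return {name: level for name, level in perms.items() if level in WRITE_LEVELS}


def can_modify_code(installation):
    """True only if the app holds write/admin on repository contents (i.e. can push code)."""
    return installation.get("permissions", {}).get("contents") in WRITE_LEVELS


def audit(payload):
    """Summarise each installation: which grants are write-level and whether code is writable."""
    report = []
    for inst in payload.get("installations", []):
        report.append({
            "app_slug": inst.get("app_slug"),
            "repository_selection": inst.get("repository_selection"),
            "write_permissions": write_permissions(inst),
            "can_modify_code": can_modify_code(inst),
        })
    return report


def fetch_installations(org, token):
    """Live query of GET /orgs/{org}/installations; token must be an org admin's."""
    req = urllib.request.Request(
        f"https://api.github.com/orgs/{org}/installations",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
            "X-GitHub-Api-Version": "2022-11-28",
        },
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # GH_ORG / GH_TOKEN are assumed variable names; without them the sample runs offline.
    org, token = os.environ.get("GH_ORG"), os.environ.get("GH_TOKEN")
    payload = fetch_installations(org, token) if org and token else SAMPLE_INSTALLATIONS
    for row in audit(payload):
        flag = "CAN PUSH CODE" if row["can_modify_code"] else "read-only on contents"
        print(f"{row['app_slug']} ({row['repository_selection']} repos): {flag}; "
              f"write-level grants: {row['write_permissions']}")
```

Run it after installing the app and compare the `write_permissions` output with what the install dialog showed; the dialog is the only grant the app can ever receive, but this check reads the grant GitHub actually recorded, and it also makes clear that `pull_requests: write` or `checks: write` does not let an app push to repository code, whereas `contents: write` does.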