We are working on a private project on Azure DevOps and I want to make a POC to test SonarCloud.
Which rights on organizations are really needed to generate the token on the SonarCloud site?
Our project is on an organization with several confidential projects.
We don’t want to open access even if SonarCloud interests us.
Is it possible to know the risks in terms of security for each needed right?
What exactly do you want to test? You should be able to run basic analysis and view the results in SonarCloud without needing an Azure token.
It’s when you want your PR analysis results reflected back into Azure that you’re going to need to start opening up permissions. Specifically, you’ll need to grant SonarCloud Code (Read & Write) to get your PRs decorated.