Why does SonarCloud need write access to code?

Hi,

I have set up SonarCloud with Azure DevOps, but the personal token required by SonarCloud is asked to have both read and write privileges.

My question is: by definition, only read access is required to scan and analyze. Why does SonarCloud need write access to code?

Cheers,

Eliot

Hi @Eliot_Chen and welcome to the community!

The PAT is used historically for pull request decoration. For that matter, the Azure DevOps API that we call needs those permissions (highlighting of the code for issues, creating new comments, …).

HTH,
Mickaël

Thanks Mickaël, if we don’t need pull request decoration, can we give read access only?

If your SonarCloud project is not bound to your Azure DevOps repo/project, then you don’t need it at all.

Thanks Mickaël.