Generic Analysis account for Sonar

Question

Is there a way to set up a generic analysis account in Sonar that anyone could use to just Execute Analyses? We have 100s of developers in the organization, and we want everyone to run a pre-commit analysis, but I really don't want to create individual user accounts for everyone, so my goal was to have one generic user that we could generate a token for and give out to everyone. At first I did this by creating a user that has the "Execute Analysis" permission, but my concern with this is that it allows every user to get the secured settings like the scm passwords, jira login, etc., and I don't really want them to be able to get that info. Is there a way to set up a generic account without it having the ability to do this?

score 5 · Accepted Answer · edited May 23 '17 at 12:01

5

For reasons detailed in this answer your devs should not be doing the kind of analysis pre-commit that needs a token.

You should instead be looking at SonarLint.

edited May 23 '17 at 12:01

Community

1
1

answered Dec 12 '16 at 16:29

G. Ann - SonarSource Team

22,346
4
40
76

We do use SonarLint, but were linking it up with our actual sonar server so we could get project specific rules and such. Is there a better way of doing that? – cloudwalker Dec 12 '16 at 17:05
I don't understand. Of doing what? – G. Ann - SonarSource Team Dec 12 '16 at 17:08
Connecting it up with Sonar and linking it to a project. Based on my understanding of the SonarLint plugin, you need to either have a token or a user account to do that. – cloudwalker Dec 12 '16 at 17:18
Nevermind. I must have been doing something totally wrong previously. I was able to get it all to work without an authentication token now. – cloudwalker Dec 12 '16 at 17:38

Generic Analysis account for Sonar

1 Answers1