Bound vs unbound
A DevOps platform organization (workspace, group) that has been imported into SonarCloud using the standard procedure described in Getting Started is called a bound organization. The organization on the DevOps platform side is linked to a corresponding organization on the SonarCloud side through a direct API connection.
Using this binding, SonarCloud retrieves the project list from the DevOps platform organization and lets you choose which projects to import. The imported projects are also bound to their peers on the DevOps platform through an API link.
It is also possible to create organizations and projects on the SonarCloud side manually. Such organizations and projects are not bound through an API link with any peers on the DevOps platform. They are like empty containers identified solely by their keys, which you choose when you create them. They are only linked to your code by you explicitly setting the analysis parameters sonar.organization to those keys in your CI-based analysis setup (Automatic analysis is not supported for manual projects).
During the onboarding process, you may notice small links that offer you the possibility to manually create an organization or project. While there are situations when you might want to manually create organizations or projects, in most cases you should follow the standard procedure and bind your organizations and projects.
The advantages of bound SonarCloud organizations over unbound ones are:
- Bound organizations enable the easy selection and import of projects into SonarCloud (as mentioned above).
- Bound organizations (but only in GitHub) support [member synchronization](/organizations/managing-members/#member-synchronization-on-github).
- Importing a project via a bound organization is the only way to create a bound project, and bound projects have their own set of advantages (see below).
The advantages of bound SonarCloud projects over unbound ones are:
- Automatic analysis is only available for bound projects (only in GitHub and only for some languages).
- Pull request decoration is only available for bound projects.
- Upon import, bound projects on the SonarCloud side automatically adopt the privacy setting of their DevOps platform peer. Projects that are private on the DevOps platform remain private on SonarCloud. With manually created projects, you must make sure to explicitly set the privacy status of your SonarCloud project. Having to set it by hand opens up the possibility of inadvertently exposing the code of a private project to the public through SonarCloud.
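
The privacy caveat in the last item can be checked on a schedule. The following is an added example, not SonarCloud's own code: it pages through a project listing and reports every project that is not private and is not on an allowlist of intentionally public projects. The response shape (`paging.total`, `components[].key`, `components[].visibility`), the `fetch_page` callable and all project keys are assumptions constructed for illustration.

```python
"""Audit sketch: flag projects that are publicly visible without being expected to be."""
from typing import Callable, Iterator

# Assumed page shape (constructed for this example):
# {"paging": {"total": 4}, "components": [{"key": "...", "visibility": "public"}]}
FetchPage = Callable[[int], dict]


def iter_projects(fetch_page: FetchPage) -> Iterator[dict]:
    """Yield every project, following pagination until 'total' is reached."""
    page, seen = 1, 0
    while True:
        body = fetch_page(page)
        components = body.get("components", [])
        yield from components
        seen += len(components)
        total = body.get("paging", {}).get("total", 0)
        if not components or seen >= total:
            return
        page += 1


def unexpected_public(fetch_page: FetchPage, expected_public: set) -> list:
    """Return (key, visibility) for projects that are not provably private.

    A missing visibility field is reported as 'unknown' rather than ignored,
    so the audit fails closed.
    """
    findings = []
    for project in iter_projects(fetch_page):
        visibility = project.get("visibility")
        if visibility != "private" and project["key"] not in expected_public:
            findings.append((project["key"], visibility or "unknown"))
    return sorted(findings)


# Constructed sample data: two pages of two projects each.
SAMPLE_PAGES = {
    1: {"paging": {"total": 4}, "components": [
        {"key": "acme_docs-site", "visibility": "public"},
        {"key": "acme_api", "visibility": "private"}]},
    2: {"paging": {"total": 4}, "components": [
        {"key": "acme_manual-billing", "visibility": "public"},
        {"key": "acme_legacy"}]},
}


def sample_fetch(page: int) -> dict:
    """Offline stand-in for an authenticated API call."""
    return SAMPLE_PAGES.get(page, {"paging": {"total": 4}, "components": []})
```

In a real setup, `fetch_page` would wrap an authenticated call to the project listing for your organization, and `expected_public` would hold the keys you have deliberately published.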
When an organization or project is bound, a DevOps platform icon is displayed beside its name on the overview page.
For example, on the overview page of the organization Claudia Sonarova we see the organization name accompanied by a GitHub icon.