Managing Personal Access Tokens
Users can manage SonarQube Cloud's Personal Access Tokens (PAT) according to their permission levels defined by an administrator.
Each user has the ability to generate tokens that can be used to run analyses or invoke web services without access to the user’s actual credentials. When a user is deleted, their user access tokens are also deleted.
From the Team plan, it's highly recommended to use Scoped Organization Tokens (SOT) instead of PATs. For more information, see Managing Scoped Organization Tokens.
To generate a token, select your account menu in the top right corner of the SonarQube Cloud interface. In the menu, select My Account > Security. Your existing tokens are listed here, each with a Revoke button.
The form at the top of the page allows you to generate new tokens. Once you select Generate, you will see the token value. Copy it immediately; if your dismiss the notification or leave the page, you will not be able to retrieve the token's value.
Tokens are used as a replacement for your usual login:
When running analyses on your code. Replace your login with the token in the
sonar.token
property. (Note that the propertysonar.password
is deprecated.)When invoking web services. See Web API for more details.
In either case, no password is needed.
Last updated
Was this helpful?