(incubator-devlake) branch main updated: use non-admin token for sonarQube (#8731)

klesh Thu, 26 Feb 2026 07:02:40 -0800

This is an automated email from the ASF dual-hosted git repository.

klesh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake.git



The following commit(s) were added to refs/heads/main by this push:
     new a215ca424 use non-admin token for sonarQube (#8731)
a215ca424 is described below

commit a215ca4246cb36778255cbeea1621ef1607fa1f2
Author: Joshua Smith <[email protected]>
AuthorDate: Thu Feb 26 08:00:45 2026 -0700

    use non-admin token for sonarQube (#8731)
---
 backend/plugins/sonarqube/api/blueprint_v200.go     | 3 ++-
 backend/plugins/sonarqube/api/remote_api.go         | 3 ++-
 config-ui/src/plugins/register/sonarqube/config.tsx | 6 +++++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/backend/plugins/sonarqube/api/blueprint_v200.go 
b/backend/plugins/sonarqube/api/blueprint_v200.go
index e4804534b..3bcf47785 100644
--- a/backend/plugins/sonarqube/api/blueprint_v200.go
+++ b/backend/plugins/sonarqube/api/blueprint_v200.go
@@ -131,7 +131,8 @@ func GetApiProject(
        }
        query := url.Values{}
        query.Set("q", projectKey)
-       res, err := apiClient.Get("projects/search", query, nil)
+       // Use components/search_projects for consistency and normal-token 
(Browse) support.
+       res, err := apiClient.Get("components/search_projects", query, nil)
        if err != nil {
                return nil, err
        }
diff --git a/backend/plugins/sonarqube/api/remote_api.go 
b/backend/plugins/sonarqube/api/remote_api.go
index 704cdabf5..d782a02cf 100644
--- a/backend/plugins/sonarqube/api/remote_api.go
+++ b/backend/plugins/sonarqube/api/remote_api.go
@@ -48,7 +48,8 @@ func querySonarqubeProjects(
        if page.Page == 0 {
                page.Page = 1
        }
-       res, err := apiClient.Get("projects/search", url.Values{
+       // Use components/search_projects so non-admin (Browse) tokens can list 
projects.
+       res, err := apiClient.Get("components/search_projects", url.Values{
                "p":  {fmt.Sprintf("%v", page.Page)},
                "ps": {fmt.Sprintf("%v", page.PageSize)},
                "q":  {keyword},
diff --git a/config-ui/src/plugins/register/sonarqube/config.tsx 
b/config-ui/src/plugins/register/sonarqube/config.tsx
index 5da394d20..966ce8bf5 100644
--- a/config-ui/src/plugins/register/sonarqube/config.tsx
+++ b/config-ui/src/plugins/register/sonarqube/config.tsx
@@ -55,7 +55,11 @@ export const SonarQubeConfig: IPluginConfig = {
           setErrors={setErrors}
         />
       ),
-      'token',
+      {
+        key: 'token',
+        subLabel:
+          'A token with Browse permission on the projects you want is 
sufficient for listing projects and collecting issues, hotspots, and file 
metrics. Listing Accounts (users) may require a system admin token on some 
SonarQube instances.',
+      },
       'proxy',
       {
         key: 'rateLimitPerHour',

(incubator-devlake) branch main updated: use non-admin token for sonarQube (#8731)

Reply via email to