SonarSource is pleased to announce the release of the GitHub plugin version 1.3.
This version loosens the permissions required to analyse pull requests. Until version 1.2, the GitHub account used by the plugin had to be granted push permissions on the target repository to be able to update the status of the pull request:
For open-source developers who wanted to activate analysis of pull requests coming from the community, this was a showstopper: credentials of this GitHub account could be stolen. Now with version 1.3, if the GitHub account does not have push access to the repository, only comments will be created and the update of the status of the pull request will fail silently (with a warning in the log though). The summary comment will obviously still be available:
This will allow any open-source developer to activate analysis of any pull request on his/her project.
Please read the release notes for more information. You can install or update it via the Update Center.
Documentation is available on the product page.