401 Unauthorized- for sonar cloud token in azure pipelines

I am seeing below error:

Project Key: XXX

Token: XXX

URL: https://sonarcloud.io/api/qualitygates/project_status?projectKey=nextops123_webstore-security

Headers: System.Collections.Hashtable

Error: Response status code does not indicate success: 401 ().

Please suggest how to fix this

Hey there.

In what environment are you running the analysis (a specific CI/CD tool, for example)? How/where have you configured the token? What permissions does the user for whom you generated that token have?

@Colin HI. I am referring sonarlcoud token mentioned in the below YAML file and when I ran this pipeline it is coming up with following error. Please suggest . THank you
Project Key: nextops123_webstore-security

Token: XXX

URL: https://sonarcloud.io/api/qualitygates/project_status?projectKey=nextops123_webstore-security

Headers: System.Collections.Hashtable

Error: Response status code does not indicate success: 401 ().

Logs:

logs_1532 (1).zip (336.1 KB)

Hey there.

Please don’t expose things like tokens in plaintext. I edited your post, but you should consider this token compromised as it was accessible publicly.

Based on the logs you shared, you haven’t actually implemented SonarCloud analysis (the SonarCloudPrepare and SonarCloudAnalyze tasks). I think now is a good time to review the the documentaion on the SonarCloud Extension for Azure DevOps.

However, a quick look at the custom script you wrote:

   - task: PowerShell@2
      displayName: 'Check SonarCloud Quality Gate'
      inputs:
        targetType: 'inline'
        script: |
          $projectKey = "$(projectKey)"
          $token = "$(sonarcloudToken)"
          Write-Host "Project Key: $projectKey"
          Write-Host "Token: $token"

          $url = "https://sonarcloud.io/api/qualitygates/project_status?projectKey=$projectKey"
          $headers = @{
              Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$token"))
          }

          Write-Host "URL: $url"
          Write-Host "Headers: $headers"

          try {
              $response = Invoke-RestMethod -Uri $url -Headers $headers -Method Get
              Write-Host "Response: $response"

              if ($response.projectStatus.status -eq "OK") {
                  Write-Output "Quality gate passed"
                  exit 0
              } else {
                  Write-Output "Quality gate failed"
                  exit 1
              }
          } catch {
              Write-Output "Error: $_"
              exit 1
          }
      env:
        projectKey: $(projectKey)
        sonarcloudToken: $(sonarcloudToken)

Tells me that you should be using Bearer authentication, as documented, rather than Basic authentication.

@Colin

I have implemented sonarcloud prepare and analyize tasks already you can see in the below YAML, i have provide some other random value for token

trigger:
  - none

pool:
  vmImage: ubuntu-latest

variables:
  buildConfiguration: 'Release'
  projectKey: 'nextops123_webstore-security'
  organization: 'nextops123'
  sonarcloudToken: 'XXX'

stages:
- stage: 'BuildStage'
  displayName: 'Build Stage'
  jobs:
  - job: BuildAndPublish
    displayName: 'Build and Publish'
    steps:
    - checkout: self
      fetchDepth: 0
    - task: UseDotNet@2
      displayName: 'Use .NET 6'
      inputs:
        version: '6.x'
    - task: DotNetCoreCLI@2
      displayName: '.NET Restore'
      inputs:
        command: 'restore'
        projects: '**/*.csproj'
        feedsToUse: 'select'
    - task: SonarCloudPrepare@2
      inputs:
        SonarCloud: 'SonarCLoud'
        organization: 'nextops123'
        scannerMode: 'MSBuild'
        projectKey: 'nextops123_webstore-security'
        projectName: 'webstore-security'
    - task: DotNetCoreCLI@2
      displayName: '.NET Build'
      inputs:
        command: 'build'
        projects: '**/*.csproj'
        arguments: '--configuration $(buildConfiguration)'
    - task: DotNetCoreCLI@2
      displayName: '.NET Publish'
      inputs:
        command: 'publish'
        projects: '**/*.csproj'
        arguments: '--configuration $(buildConfiguration) --output $(Build.ArtifactStagingDirectory)'
    - task: SonarCloudAnalyze@2
      inputs:
        jdkversion: 'JAVA_HOME_17_X64'
    - task: SonarCloudPublish@2
      inputs:
        pollingTimeoutSec: '300'
    - task: PublishPipelineArtifact@1
      displayName: 'Publish Artifact'
      inputs:
        targetPath: '$(Build.ArtifactStagingDirectory)'
        artifact: 'ausemart-web'
        publishLocation: 'pipeline'
    - task: PowerShell@2
      displayName: 'Check SonarCloud Quality Gate'
      inputs:
        targetType: 'inline'
        script: |
          $projectKey = "$(projectKey)"
          $token = "$(sonarcloudToken)"
           Write-Host $projectKey
              Write-Host $token
          Write-Host $response
          $url = "https://sonarcloud.io/api/qualitygates/project_status?projectKey=$projectKey"
          $headers = @{
              Authorization = "Basic " + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$token"))
          }

          $response = Invoke-RestMethod -Uri $url -Headers $headers

          if ($response.projectStatus.status -eq "OK") {
              Write-Output "Quality gate passed"
              exit 0
          } else {
              Write-Output "Quality gate failed"
              exit 1
          }

      env:
        projectKey: $(projectKey)
        sonarcloudToken: $(sonarcloudToken)

and for above YAML file I have attached logs below

logs_1525.zip (206.4 KB)

and you could see the sequence of tasks passed , only last task is failing

Please suggest why that particular task is failing with that error.

I have already told you.

Please review the documentation I linked and compare it to how you’re setting authentication headers in your script.

@Colin Thank you, it worked