403 Error with SonarQube Scanner in gitlab CI/CD Pipeline

Version Info (required):

  • SonarQube Server: v25.1.0.102122 (Community Edition)
  • Sonar Scanner CLI: sonarsource/sonar-scanner-cli:latest (Docker)
  • Deployment Method of the server: Helm chart and kubernet
  • CI/CD Platform: GitLab

Here’s my current GitLab job configuration:

sonarqube_scan:
  stage: sonarqube
  tags:
    - mashaqeynaa
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_TOKEN: "$SONAR_TOKEN"
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
    SONAR_HOST_URL: "$SONAR_HOST_URL"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    # Check server connection manually first
    - curl -v -u "$SONAR_TOKEN:" "$SONAR_HOST_URL/api/server/version"
    
    # Run the scanner with token
    - |
      sonar-scanner -X \
        -Dsonar.projectKey=$CI_PROJECT_NAME \
        -Dsonar.sources=backend \
        -Dsonar.host.url=$SONAR_HOST_URL \
        -Dsonar.token=$SONAR_TOKEN

The curl command returns a 403 Forbidden, which means the token is not being accepted. However, when I try the same URL and token in Postman or normal web url, it works fine and returns the expected version.

the error i am getting is:

INFO  SonarScanner CLI 7.1.0.4889 
INFO  Java 17.0.14 Amazon.com Inc. (64-bit)
INFO  Linux 5.15.0-1082-aws amd64
ERROR Failed to query server version: GET $SONAR_HOST_URL/api/server/version failed with HTTP 403.
Please check the property sonar.token or the environment variable SONAR_TOKEN.

the web application is working fine and i have generated token as an admin and i also have given the correct permission to the user and user group for being able to do the analysis and yes the token also exists when i run the job ,Any insights would be appreciated. Thanks!

Hey there.

Have you taken care to

  • Uncheck the Protect Variable checkbox.
  • Check the Mask Variable checkbox.

While configuring your token in Gitlab?