403 Unauthorized on ‘/api/server/version’ for Azure DevOps PipeLine-Bitbuckt

Azure DevOps (Bitbucket) build pipeline is failing to communicate with SonarQube.

Details:

  • SonarQube is deployed on Kubernetes using Helm
  • SonarQube is integrated to AzureDevops
  • Bitbucket build step is “Prepare Analysis Configuration”
  • SonarQube URL is accessible by me directly with no issue(on prem).

Raw Log as below:

2021-08-10T13:14:45.5417549Z ##[section]Starting: SonarQubePrepare
2021-08-10T13:14:45.5426294Z ==============================================================================
2021-08-10T13:14:45.5426902Z Task : Prepare Analysis Configuration
2021-08-10T13:14:45.5427266Z Description : Prepare SonarQube analysis configuration
2021-08-10T13:14:45.5427548Z Version : 4.21.0
2021-08-10T13:14:45.5427816Z Author : sonarsource
2021-08-10T13:14:45.5428428Z Help : Version: 4.21.0. More Information
2021-08-10T13:14:45.5428934Z ==============================================================================
2021-08-10T13:14:46.3608770Z ##[error][SQ] API GET ‘/api/server/version’ failed, status code was: 403
2021-08-10T13:14:46.3649711Z ##[section]Finishing: SonarQubePrepare

Could you please let me know what is the issue and how can i solve this?

Hi,

Welcome to the community!

Do you have ‘Force authentication’ turned on? Are you passing a user token in to analysis?

 
Ann

Hi Ann,

Thank you for the reply.
Yes the userToken are set in AzureDevops SonarScanner. Attached the screenshot.
I also tried disabling the force authentication in sonarqube but got same error of 403

Could you please assist what would be the issue ?

Regards,
Chanda

Hi Chanda,

Whether or not you have Force Authentication on, it could still be a problem if the user token is incorrect. Can you perhaps try with a new token?

Also, you mention that you have access “on prem”. Does that imply that your CI is in the cloud? Could you have a firewall blocking access?

 
Ann

Hi Ann,

I regenerate the token but still same error.

Yes I have my repository in Bitbucket Cloud and Pipeline,SonarScanner integrated in azure Deveops? Not sure how to unblock firewall access if there are any?

Hi,

Okay, let’s back up. I should have asked this to start with: can you access that URL?

 
Ann

Hi Ann,

Yes i can with connected VPN

Chanda

Hi Chanda,

So you have to be connected with VPN. Are SonarQube and ADO/Bitbucket all inside the VPN together? Is it possible the 403 is coming not from SonarQube itself but from something in front of it in the network?

 
Ann

Thank Ann. The issue is solve. It was the firewall which causes the issue.

1 Like