Creating and analyzing projects from Gitlab to SonarCloud

Hey all,

I’m working on an integration of SonarCloud into the Gitlab CI pipeline. Previously I was hosting the Sonar server myself, so the scanning looked like this:

    sonarqube-check:
      stage: security-testing
      image: sonarsource/sonar-scanner-cli:latest
      except:
        - /^release-.*$/
      needs: []
      variables:
        # Defines the location of the analysis task cache
        SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
        # Tells git to fetch all the branches of the project, required by the analysis task
        GIT_DEPTH: "0"
      cache:
        key: "${CI_JOB_NAME}"
        paths:
          - .sonar/cache
      script:
        - sonar-scanner -Dsonar.projectKey=$CI_PROJECT_NAME -Dsonar.qualitygate.wait=true

The global variables contained the SONAR_HOST and SONAR_TOKEN values, and everything was going fine.

Now, moving to SonarCloud has been a little tricky. This is what I did:

  • Changed the URL to SonarCloud and changed the token
  • Added the sonar.organization value to the CI file (at the end of the sonar-scanner command)
  • The project is not created under the organization and this error appears:
    ERROR: Could not find a default branch to fall back on.

I’ve searched around in the forum, but I don’t really find a solution. I don’t want to define different tokens for different newly created repos. My workflow should be that any repository that is created in Gitlab with the inherited CI file, should be scanned and imported to the SonarCloud.

What am I doing wrong?
Thanks!

Hello @vilius,

Apologies for the delay in responding. Could you post the full scanner logs? You can redact any sensitive information.

Thanks for following up. The solution turned out to be onboarding the project to SonarCloud. Launching sonar-scanner from GitLab onto a repo that does not yet exist on the cloud spits out the above error. When you add it manually, the error goes away.

Even though THIS particular problem is solved with a workaround, I still have a question: what happens for new project repos? Why should I need manual repo onboarding? I don’t want to keep tabs on what new repos the development team is creating; all I care about is that they are scanned and report the results to SonarCloud.
Any tips on this front?

Thanks!

We are running into the same problem. Is there a way to enable automatic onboarding of new projects in our SonarSource organization?
Right now, every time a new project is created in GitLab, somebody has to manually add this new project in Sonarsource.

I thought about this and in the end I wrote a very small script. It pulls the currently existing projects, greps for the repository in question and if it doesn’t exist — creates one.

    # checking if the project exists (note ${SONAR_TOKEN}, not {$SONAR_TOKEN}: the latter only
    # worked by accident, because curl treats {...} in a URL as a glob and strips the braces)
    - export is_project_existing=$(curl -sSf "https://${SONAR_TOKEN}@sonarcloud.io/api/projects/search?organization=myorganization" | grep -w "$CI_PROJECT_NAME")
    - |
        if [[ -n "$is_project_existing" ]]; then
          echo "Project exists on sonarcloud, proceeding to analysis"
        else
          # creating new project; the "project" value is the key that sonar-scanner must later
          # be given as -Dsonar.projectKey, otherwise the scanner still reports the missing-branch error
          curl -sSf -X POST "https://${SONAR_TOKEN}@sonarcloud.io/api/projects/create" \
            -d "name=${CI_PROJECT_NAME}&project=myorganization_${CI_PROJECT_NAME}&organization=myorganization"
        fi
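A fuller version of the same onboarding check, as an added example rather than the thread author's script: it matches the project key exactly against the search response (a plain grep for the project name also matches longer keys such as `myorganization_demo-api`), passes the token as the basic-auth user name instead of embedding it in the URL, and hands the same key to sonar-scanner so the create step and the analysis agree. `SONAR_ORG`, `SONAR_URL`, the function names and the sample JSON are assumptions for this example; `SONAR_TOKEN` and `CI_PROJECT_NAME` are the variables already used in the thread.

```shell
#!/usr/bin/env bash
# Added example (not the thread author's script): onboard a GitLab project to SonarCloud
# if it is missing, then scan it with the same project key.
# Assumed inputs: SONAR_TOKEN (secret), SONAR_ORG (hypothetical variable) and GitLab's CI_PROJECT_NAME.
set -euo pipefail

SONAR_URL="${SONAR_URL:-https://sonarcloud.io}"

# Call the SonarCloud web API. The token goes in as the basic-auth user name with an empty
# password, so the secret never appears in the URL, in a shell trace or in a proxy log.
sonar_api() {
  local method="$1" path="$2"; shift 2
  curl -sSf -u "${SONAR_TOKEN}:" -X "$method" "${SONAR_URL}/api/${path}" "$@"
}

# Derive the SonarCloud project key from the organization and the GitLab project name
# (the "<org>_<name>" convention used in the thread).
project_key() {
  printf '%s_%s\n' "$1" "$2"
}

# Return 0 if a projects/search response (JSON on stdin) contains exactly this key.
# All whitespace is stripped first so both "key": "x" and "key":"x" match, and -F treats
# the key as a fixed string so '.' or ':' inside a key cannot act as regex metacharacters.
# Input is read to the end (no -q) so the producer never gets SIGPIPE under pipefail.
response_has_key() {
  local key="$1"
  tr -d ' \n\t\r' | grep -F "\"key\":\"${key}\"" >/dev/null
}

# Create the project only when the search does not already list it; print the key on stdout.
ensure_project() {
  local org="$1" name="$2" key
  key="$(project_key "$org" "$name")"
  # ps=500 is the API's maximum page size; larger organizations must also page with p=2,3,...
  if sonar_api GET "projects/search?organization=${org}&ps=500" | response_has_key "$key"; then
    echo "Project ${key} exists on SonarCloud, proceeding to analysis" >&2
  else
    echo "Creating project ${key} on SonarCloud" >&2
    sonar_api POST "projects/create" \
      --data-urlencode "name=${name}" \
      --data-urlencode "project=${key}" \
      --data-urlencode "organization=${org}" >/dev/null
  fi
  printf '%s\n' "$key"
}

# In the CI job (not executed here): create if needed, then scan with the *same* key.
# KEY="$(ensure_project "$SONAR_ORG" "$CI_PROJECT_NAME")"
# sonar-scanner -Dsonar.organization="$SONAR_ORG" -Dsonar.projectKey="$KEY" -Dsonar.qualitygate.wait=true
```

Dropping the two commented lines into the job's `script:` section replaces the separate search/create lines; because `ensure_project` returns the key it created or found, the scanner can never be launched against a key that does not exist on the cloud, which is the condition that produced the "Could not find a default branch" error above.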
