Deprecating sonar.login and sonar.password in favor of sonar.token

Hello SonarCloud :sonarcloud: users,

We are deprecating sonar.login and sonar.password as a way of authenticating with SonarCloud during the analysis. Please switch to sonar.token going forward. You will receive a warning on any project that is still using the deprecated parameters.

You can find more information about user tokens here: User Accounts | SonarCloud Docs.

The SonarCloud :sonarcloud: Team

We are using Azure DevOps task: SonarCloudPrepare@1, and these are the parameters:

    SonarCloud: '$(sonarCloudServiceConnection)'
    organization: '$(sonarCloudOrganisation)'
    scannerMode: 'MSBuild'
    projectKey: '$(sonarCloudProjectKey)'
    projectName: 'Z$(sonarCloudProjectName)'

We’ve added the SonarCloud extension and added a service connection with SonarCloud token for authentication.

We are not passing the password during the analysis, but still getting the warning in SonarCloud.

Will this be an issue in the near future or will it be resolved soon?

Ricardo Bicho

HI @Ricardo_Bicho and welcome to the community

Thanks for reporting it.
We will fix this warning in some time.
You do not need to worry about potential issues as the extension will be modified accordingly.

And here is the ticket for the change.

when the sonar.login cannot be used?

I use sonar.token property in our Jenkins script call but still get the warning:

withSonarQubeEnv('My SonarCloud Instance') {
    sh "sonar-scanner -Dsonar.token=$SONAR_AUTH_TOKEN"
WARN: The property 'sonar.login' is deprecated and will be removed in the future. Please use the 'sonar.token' property instead when passing a token.
INFO: Preprocessing files...
INFO: 3 languages detected in 96 preprocessed files
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: 56 files ignored because of scm ignore settings

I checked all versions but didn’t find anything

  • Jenkins SonarQube plugin is at version 2.16.1 (latest)
  • sonar-scanner-cli binary is at version (latest)

What am I missing here?