Deprecating sonar.login and sonar.password in favor of sonar.token

Hello SonarCloud :sonarcloud: users,

We are deprecating sonar.login and sonar.password as a way of authenticating with SonarCloud during the analysis. Please switch to sonar.token going forward. You will receive a warning on any project that is still using the deprecated parameters.

You can find more information about user tokens here: User Accounts | SonarCloud Docs.

The SonarCloud :sonarcloud: Team

Hi,
We are using Azure DevOps task: SonarCloudPrepare@1, and these are the parameters:

  inputs:
    SonarCloud: '$(sonarCloudServiceConnection)'
    organization: '$(sonarCloudOrganisation)'
    scannerMode: 'MSBuild'
    projectKey: '$(sonarCloudProjectKey)'
    projectName: 'Z$(sonarCloudProjectName)'

We’ve added the SonarCloud extension and added a service connection with SonarCloud token for authentication.

We are not passing the password during the analysis, but still getting the warning in SonarCloud.
SonarWarning

Will this be an issue in the near future or will it be resolved soon?

Thanks,
Ricardo Bicho

HI @Ricardo_Bicho and welcome to the community

Thanks for reporting it.
We will fix this warning in some time.
You do not need to worry about potential issues as the extension will be modified accordingly.

And here is the ticket for the change.
https://sonarsource.atlassian.net/browse/VSTS-310
Thanks

when the sonar.login cannot be used?

I use sonar.token property in our Jenkins script call but still get the warning:

withSonarQubeEnv('My SonarCloud Instance') {
    sh "sonar-scanner -Dsonar.token=$SONAR_AUTH_TOKEN"
}
WARN: The property 'sonar.login' is deprecated and will be removed in the future. Please use the 'sonar.token' property instead when passing a token.
INFO: Preprocessing files...
INFO: 3 languages detected in 96 preprocessed files
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: 56 files ignored because of scm ignore settings

I checked all versions but didn’t find anything

  • Jenkins SonarQube plugin is at version 2.16.1 (latest)
  • sonar-scanner-cli binary is at version 5.0.1.3006 (latest)

What am I missing here?

Has this been fixed? We are also getting this error.

Hello @headWingman,
Can you give more details on your usage of the scanner and the versions you are using?
Thanks

When running sonar scanner Maven plugin (the latest available version atm), I get the same confusing error:

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121:sonar (default-cli) on project ***: Not authorized. Analyzing this project requires authentication. Please provide a user token in sonar.login or other credentials in sonar.login and sonar.password. → [Help 1]

Note: This happens when I supply “sonar.token” only; if I replace it with “sonar.login” (keeping the same auth token), error is gone and code scan commences…

Hi @greek1979,
Are you using SonarCloud or SonarQube? If SonarQube, which version are you using?

SQ tells me it is version 9.9.4 (build 87374). Oh right, may be that is not the latest one - haven’t checked for a while…

Yes, sonar.token was introduced in SQ 10.0, if you look at the Maven scanner documentation for 9.9, it still mentions sonar.login should be used.