ERROR: Project not found. Please check the 'sonar.projectKey

Hi,

Our pipelines have been running smoothly every day without any issues, but suddenly, we are encountering problems with the Sonar execution during Merge Requests.

ERROR Project not found. Please check the ‘sonar.projectKey’ and ‘sonar.organization’ properties, the ‘SONAR_TOKEN’ environment variable, or contact the project administrator to check the permissions of the user the token belongs to.

However, we have the project key and organization name defined in the sonar-project.properties file, and the token and host are set in the GitLab CI/CD variables.

Regards
Koya

We’re experiencing the same issue. All pipelines in AzureDevops fail with ERROR Project not found. No such issues were observed before.

Hey there.

If the issue appears only in Pull/Merge Request pipelines, then most likely the token set in your global Administration > Organization Settings > Organization binding is no longer valid. This token is used to query information about the pull/merge request during analysis.

(and yes, it’s very annoying that the error message isn’t more clear about this :()

Can you check this point?

Hello,

The token was indeed expired, the strange thing was that it was expired since 2023 and we still didn’t experience any issues until today.

We generated a new token and added it to the SonarCloud Service connection but the issue still persists.

Thanks

I believe the issue isn’t with the token, as it works fine with feature branches. The problem seems to occur only during merge requests, where the pipelines are failing.

Thanks

Hi Colin,

I’m also providing analysis logs, sensitive information was replaced with placeholders.
The logs provided are from a CI pipeline that analyses code from PR

logs.txt (21.6 KB)

Hope this helps.

Thanks

Feature branches wouldn’t be affected if the token is no longer valid – only MRs. It’s worth checking.

@Todor

This looks like a different issue than the one @seetharam is describing (at least, there’s a different error message).

Usually this message is the result of using a project key that doesn’t exist on SonarQube, and where the first analysis of a pull request/short-lived branch.

Consider this log message:

2025-02-11T11:15:05.1229900Z 11:15:05.122 DEBUG --> GET https://sonarcloud.io/api/project_branches/list?project=*****

• Does that (redacted) project key match the project key in the URL when you browse this project on SonarCloud?
• Does visiting https://sonarcloud.io/api/project_branches/list?project=***** (unredacted of course) return valid data?

Is it possible somebody changed the project key or organization key and therefore the one you’re using is no longer valid?

I double checked the project/organization key and no changes were made.

Visiting the https://sonarcloud.io/api/project_branches/list?project=***** URL does return the following:

branches	
0	
name	"master"
isMain	true
type	"LONG"
status	
bugs	18
vulnerabilities	3
codeSmells	2989
analysisDate	"2025-02-10T14:45:11+0100"
commit	
sha	"*****"
branchId	"*****"

I’m also providing logs with ERROR Project not found, where the pipeline is triggered upon merging.

logs.txt (5.0 KB)

Thank you

Thanks for checking! So it looks like the scanner is querying the correct URLs, but the issue is with the token.

An interesting test would be to use the token you’ve generated and included in the SonarCloud Service Connection (as you mentioned here):

And query the same URL:

This would reveal if the issue is with the token being used, or something else.

You can use curl to accomplish this.

curl --request GET \
  --url 'https://sonarcloud.io/api/project_branches/list?project=*****' \
  --header 'Authorization: Bearer my_token' 

I’d also want to know if this token being used in the service account generated using the same account you’ve used to log into SonarCloud (and browsed the URL with), or another account?

I’m seeing this same issue now on one of my projects.