Hello,
I want to scan my c code, and I bought the develope version.
I used the scanner for the example at first.
First, I created my test project locally. After I git clone the example, I entered the command
autoreconf --install
./configure
make clean all
build-wrapper-linux-x86-64 --out-dir bw-output make clean all
So far, I think there is no problem. I just followed the step from sonarqube website.
Then, I entered the command which is also from website
sonar-scanner \
-Dsonar.projectKey=test \
-Dsonar.sources=. \
-Dsonar.cfamily.build-wrapper-output=bw-output \
-Dsonar.host.url=http://127.0.0.1:9000 \
-Dsonar.token=sqp_XXXXXXXXXXXXXXXXXXXXXXXXXX
Here is the error
INFO: Scanner configuration file: /opt/sonar-scanner-5.0.1.3006-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/cuju/Downloads/linux-autotools-otherci-sq/sonar-project.properties
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.7 Eclipse Adoptium (64-bit)
INFO: Linux 5.4.0-37-generic amd64
INFO: User cache: /home/cuju/.sonar/cache
INFO: Analyzing on SonarQube server 10.1.0.73491
INFO: Default locale: “en_US”, source code encoding: “UTF-8” (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=59ms
INFO: Server id: 147B411E-AYoTrXwIgxcd6Xxg2U4L
INFO: User cache: /home/cuju/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=59ms
INFO: Load/download plugins (done) | time=298ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=52ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=1ms
INFO: Project key: test
INFO: Base dir: /home/cuju/Downloads/linux-autotools-otherci-sq
INFO: Working dir: /home/cuju/Downloads/linux-autotools-otherci-sq/.scannerwork
INFO: Load project settings for component key: ‘test’
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.895s
INFO: Final Memory: 16M/80M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: You’re not authorized to analyze this project or the project doesn’t exist on SonarQube and you’re not authorized to create it. Please contact an administrator.
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
I have opened all of the permission in my project setting, and I already used my license.
How do I solve the error?
Colin
(Colin)
September 4, 2023, 7:56am
2
Hey there.
Can you try wrapping your SonarQube URL in quotation marks?
sonar-scanner \
-Dsonar.projectKey=test \
-Dsonar.sources=. \
-Dsonar.cfamily.build-wrapper-output=bw-output \
-Dsonar.host.url="http://127.0.0.1:9000" \
-Dsonar.token=sqp_XXXXXXXXXXXXXXXXXXXXXXXXXX
Hello.
I have tried to add the quotation marks.
It seems the error is still.
Colin
(Colin)
September 5, 2023, 3:48pm
5
Hm. Can you try removing all the line breaks?
sonar-scanner -Dsonar.projectKey=test -Dsonar.sources=. -Dsonar.cfamily.build-wrapper-output=bw-output -Dsonar.host.url=http://127.0.0.1:9000 -Dsonar.token=sqp_XXXXXXXXXXXXXXXXXXXXXXXXXX
Hi.
I also tried without all the line breaks.
But it doesn’t change the result.
Colin
(Colin)
September 6, 2023, 2:45pm
7
Okay. So it sounds like a real permissions issue with the token that’s being used.
Does a project with the key test
already exist on SonarQube?
Yes, it seems like a real permissions issue with the token that’s being used.
I have created the project manuallyfrom the localhost:9000.
The project display name is test, and the project key is also test.
Is there any command using the sonar.sh or sonar-scanner to check the test existing or not?
Does anyone have the same situation?
Colin
(Colin)
September 13, 2023, 3:11pm
10
That’s really weird that it’s not working out of the box. I can’t reproduce it. Let’s try something else.
Can you go to My Account > Security and generate a new token (a user token or a global analysis token) and see if it works in place of the project token that was generated?
Andy_Evans
(Andy Evans)
September 14, 2023, 4:34am
11
I seem to be having this same issue. I’ve tried creating a different PAT but still received the same error. I tried creating a new user with permission to run analysis and create projects but still received the same error. I’m running the Enterprise version.
Okay, I figure it out. I finally can analyze the c-family example.
The problem come from the project token.
I chose the option [Use existing token] before because it is convenient to use the same token.
I chose the other option [Generate a project token] to generate a new token.
I run the command from the website and the analysis runs successfully.
INFO: Analysis total time: 15.888 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 17.556s
INFO: Final Memory: 34M/128M
INFO: ------------------------------------------------------------------------
Thanks for your assistance!
1 Like
Colin
(Colin)
September 14, 2023, 9:13am
13
Thanks for the update. Project analysis tokens are project specific and can’t be used for other projects.
Andy_Evans
(Andy Evans)
September 15, 2023, 1:48am
14
It turns out my issue was unrelated. A Firewall was returning a 403 status code on only the api/ce/submit endpoint. The client interpreted the 403 as coming from the server and returned the error above. After updating the firewall the error went away.
EDIT:
See here. It just checks the code without examining the body.
if (hasCredentials) {
// credentials are not valid
throw MessageException.of(format("Not authorized. Please check the user token in the property '%s' or the credentials in the properties '%s' and '%s'.",
ScannerWsClientProvider.TOKEN_PROPERTY, CoreProperties.LOGIN, CoreProperties.PASSWORD));
}
// not authenticated - see https://jira.sonarsource.com/browse/SONAR-4048
throw MessageException.of(format("Not authorized. Analyzing this project requires authentication. " +
"Please check the user token in the property '%s' or the credentials in the properties '%s' and '%s'.",
ScannerWsClientProvider.TOKEN_PROPERTY, CoreProperties.LOGIN, CoreProperties.PASSWORD));
}
if (code == HTTP_FORBIDDEN) {
logResponseDetailsIfDebug(response);
throw MessageException.of("You're not authorized to analyze this project or the project doesn't exist on SonarQube" +
" and you're not authorized to create it. Please contact an administrator.");
}
if (code == HTTP_BAD_REQUEST) {
String jsonMsg = tryParseAsJsonError(response.content());
if (jsonMsg != null) {
throw MessageException.of(jsonMsg);
}
}
1 Like
Hello Team ,
When I automate the sonarqube with jenkins getting below error
Jenkinfile mentioned
stage(‘Sonar analysing’) {
steps {
withSonarQubeEnv(‘global-sonar’) {
script {
rtGradle.run rootDir: “”, buildFile: ‘build.gradle’, tasks: ‘–info sonarqube’, buildInfo: buildInfo
}
sh “./gradlew --info --scan --stacktrace sonarqube”
}
}
}
In above stage getting error
FAILURE: Build failed with an exception.
What went wrong:
Execution failed for task ‘:sonarqube’.
You’re not authorized to run analysis. Please contact the project administrator.