Failing to upload analysis result to sonarqube if project is not existing

Hello all.

I am working on a PoC for a project where I want to integrate Sonarqube scans as part of Azure DevOps pipelines for a Java based application.

For the purpose, I am running the Community version on a server as virtual machine and using version 9.5.0.56709 of the Sonar code. For the pipelines I am using the latest maven plugin version by default (currently 3.9.1.2184).

I was able to get the analysis uploaded to the server if I create a project in Sonarqube GUI prior to running the analysis and either a) passing the project key to the maven config or b) setting the key in sonarqube as to what the maven plugin will send by default. So far so good, confirming the user whose token I am using has Global analysis and also Project analysis permissions.

What I am failing as though is to upload the analysis resuts if the project does not exist prior the initial run in Sonarqube. As per my understanding of the documentation, if there is no project existing, a new one should be created.

For that purpose, I granted the user global create project and global run analysis permissions. I recreated the user token and updated the connection details in Azure. I also made sure to grant run analysis permissions for the “creator” in the default projects template. The default option for new projects is for them to be Private, but I also tested with Public option - much to the same result. The error I am getting is:
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project Playground-Java: Failed to upload report: You’re not authorized to run analysis. Please contact the project administrator. → [Help 1]

The debug version of the maven execution shows that I am getting 403 on the POST to the sonarqube API.

Am I missing something in the configuration as such, or is it a version limitation?

Any help would be greatly appreciated, as I am fresh out of ideas.

Thank you in advance!

Hi,

Welcome to the community!

I assume you created a Global Analysis Token for this.

Unfortunately, and contrary to my personal expectations, this token type does not have project creation rights. :roll_eyes:

The developers’ assumption was that every project would be provisioned via DevOps import before first analysis.

I’ve raised this internally, but unfortunately nothing is settled yet. Having a second Community user who stubbed a toe on this should be helpful. It would be even more helpful if you could expand a little on why it’s not natural / feasible / whatever for you to import every project via our wizards before first analysis.

And in the meantime, I’m afraid you’re going to have to fall back to using a User Token for this use case.

 
:slightly_frowning_face:
Ann

Hello Ann,

Thank you for the feedback.

Your assumption is correct, I am using a Global Analysis Token. Will have to see if the User Token can be used when creating a service connection in Azure DevOps, I need to try this out. Is this something that you are aware of?

The main reason I am aiming for the automatic project creation is simple - should this PoC go through, the Sonarqube will be inspecting several microservice-type projects, each with dozens of repositories, often 40+. Obviously it is out of pure inconvenience to import them all prior.

Thank you!

BR,
Nick

1 Like

Hi Nick,

Thanks for the detail.

There’s no reason a User Token wouldn’t work for this. In fact, before 9.5, that was the only token type.

 
HTH,
Ann