Hi Mihai,
We also had the same problem i.e; Dependabot PRs failed due to absence of SONAR_TOKEN.
For you dependabots PRs, SONAR_TOKEN should be added to the Dependabot secrets (repo settings->secrets>Dependabot). Then the dependabot will expose the secret to the github secret context.
“Dependabot secrets are added to the secrets context and referenced using exactly the same syntax as secrets for GitHub Actions.” Ref: Github Reference.
Hope it helps.
Regards,
Arsalan