I am receiving the following error in my GitHub Actions pipeline when executing the SonarQube analys

SonarQube Server / Community Build
1

ERROR: You’re not authorized to analyze this project or the project doesn’t exist on SonarQube, and you’re not authorized to create it. Please contact an administrator.

I tested multiple versions (25.9 and 25.10) using SonarQube Community Edition, and the error persists.

Important observation

The token can successfully retrieve project configuration (quality gates, settings, metadata, etc.), and the scanner runs successfully locally and in GitHub Actions.

The error occurs only when the scanner attempts to push/upload the final analysis report to the SonarQube instance.
This indicates:

  • The token is valid
  • The connection is working
  • The project is accessible
  • Initial API permissions are correct

But something blocks the final upload step.

What I have already tried

  • Tested multiple tokens:

    • Global tokens
    • User tokens
    • Project-specific tokens
      All generated with the admin user.

  • Tested SonarQube 25.9 and 25.10 Community Edition

  • Made the project public

  • Granted all permissions (Browse, Execute Analysis, Administer, Provision Projects, etc.) to the admin user

  • Enabled global settings for:

    • “Allow users to provision projects”
    • “Allow users to execute analysis”

  • Reviewed all logs:

    • web.log
    • ce.log
    • access.log
    • server.log
    • deprecation.log
      No relevant errors appear.

Environment

  • SonarQube Community Edition 25.9 / 25.10 (tested both)
  • GitHub Actions using SonarScanner (Gradle)
  • Linux runner in GitHub Actions
  • Authentication via token

Expected Behavior

The scanner should be able to:

  • Analyze an existing project, or
  • Provision the project if allowed, and
  • Upload the analysis report to the server.

Actual Behavior

  • The scanner retrieves project configuration successfully
  • The scanner runs the analysis successfully
  • The pipeline fails at the moment of uploading the final report, with the authorization error above.

Additional Notes

Since the issue began exactly on November 7, and no permissions, tokens, or CI settings were changed, I am wondering if:

  • There was a behavioral change in the Community Edition
  • A regression was introduced around versions 25.9 / 25.10
  • Some new permission or scope requirement was added for uploading reports
  • Project provisioning logic changed
  • A bug affects the final upload step even when authentication and read permissions are valid

I am available to provide additional logs, configuration details, or test scenarios if needed.

Thanks!

2

Hi,

There is likely something on your network, e.g. a proxy, that’s blocking the analysis report submission. You should check with your network folks.

At a guess, your proxy is returning a 403, and the scanner is interpreting that as a token problem. But if the analysis succeeds to the point of generating an analysis report, it’s not actually a problem with the token (as you’ve alluded.)

 
HTH,
Ann

1 Like
3

i am using github Actions, exposing ECS sonar service via ALB, 443 all traffic allowed, even the project is public, i do no think is network related

4

Hi,

I’m not sure what else to tell you. As I said, given how far you get in the analysis process, this is not related to your SonarQube permissions.

 
Ann

1 Like