Intermittent 403 for requests sent from GitHub actions

Hi team I am running into an intermittent issue with the sonar-scanner-action github composite action version 8.1.0

Run sonarsource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995
Installing Sonar Scanner CLI 8.1.0.6389 for linux-x64...
Downloading from: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.1.0.6389-linux-x64.zip
Error: Action failed: Unexpected HTTP response: 403

Basically this is what happens:

1. it runs on CI and fails
2. I rerun the failed job and then it passes and no 403 it is able to download the zip

I am using a Sonar User Token to pull down the binaries and the version I am on for the SonarQube Enterprise is v2026.1

This is failing with a 403 intermittently so I do not believe it is an authentication issue or we would see this failing consistently when it is not. This also happens when I downgrade to v1.7.0 so it seems to be happening to more than just one of the binaries. Any thoughts on what this intermittent issue is due to ?

We are experiencing the same issue.

Hi all,

Welcome to the Community, @timsavage and thanks both of you for these reports!

We’re investigating.

 
Ann

We have started seeing this issue again today June 4. Can you confirm if its the same issue as last time an update from sonar cloud?

Hello @divya_nayaka, thanks for reporting, I have moved your reply from Bitbucket pipeline pipe cannot authenticate with Sonar token since this morning to this post for easier follow up. It seems like a very similar issue indeed, and we are investigating it.

Hi all,

Can you share where your jobs are running? Is this GHActions runners? ADO? Something else? And are your runners self-hosted or hosted by the providers?

 
Thx,
Ann

I am randomly getting HTTP 403 while downloading the binaries for sonar-scan-cli from github actions. However, the problem does not exist in local run or directly hitting the URL

• ALM used: GitHub
• CI system used: Github Actions

Run SonarSource/sonarqube-scan-action@master
  with:
    projectBaseDir: .
    scannerVersion: 8.1.0.6389
    scannerBinariesUrl: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
    skipSignatureVerification: false
  env:
    GITHUB_TOKEN: ***
    SONAR_TOKEN: ***
Installing Sonar Scanner CLI 8.1.0.6389 for linux-x64...
Downloading from: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.1.0.6389-linux-x64.zip
Error: Action failed: Unexpected HTTP response: 403

I’m experiencing the same issue in the last couple of hours - GitHub Actions, with their default providers, using the SonarSource/sonarqube-scan-action@v6 action.

Hello all,

Thanks for all the info you’re providing. You can track progress on this incident in the status page. Thanks for your patience!

Hi, my org started seeing this behavior yesterday. This happens sporadically, about half our builds from Github actions fail with the following error:

Failed to query JRE metadata: GET https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64 failed with HTTP 403. Please check the property sonar.token or the environment variable SONAR_TOKEN.

Is this issue still ongoing or is this a new issue?

Hi @Jacob-Lowey_octa, thanks for reporting this, I moved your post here because it looks like you’re experiencing this same incident. You can track this item in the status page.

Hi all, the issue has been mitigated. Could you please retry your GitHub Actions and let us know if the issue persists?

We’ve seen the same 403 issue as reported by others. Ran the GH actions now and some runs succeed but a few failed with this error:

20:38:28.156 ERROR Error during SonarScanner CLI execution
org.sonarsource.scanner.lib.internal.http.HttpException: GET https://scanner.sonarcloud.io/jres/OpenJDK21U-jre_x64_linux_hotspot_21.0.9_10.tar.gz failed with HTTP 403 Forbidden
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrlWithRedirectsAndProxyAuth(ScannerHttpClient.java:176)
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrlWithRedirects(ScannerHttpClient.java:145)
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.callUrl(ScannerHttpClient.java:141)
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.downloadFile(ScannerHttpClient.java:92)
	at org.sonarsource.scanner.lib.internal.http.ScannerHttpClient.downloadFromExternalUrl(ScannerHttpClient.java:78)
	at org.sonarsource.scanner.lib.internal.facade.forked.JavaRunnerFactory$JreDownloader.download(JavaRunnerFactory.java:256)
	at org.sonarsource.scanner.downloadcache.DownloadCache.download(DownloadCache.java:92)
	at org.sonarsource.scanner.downloadcache.DownloadCache.getOrDownload(DownloadCache.java:80)
	at org.sonarsource.scanner.lib.internal.facade.forked.JavaRunnerFactory.getJreFromServer(JavaRunnerFactory.java:146)
	at org.sonarsource.scanner.lib.internal.facade.forked.JavaRunnerFactory.createRunner(JavaRunnerFactory.java:88)
	at org.sonarsource.scanner.lib.internal.facade.forked.ScannerEngineLauncherFactory.createLauncher(ScannerEngineLauncherFactory.java:61)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.buildNewFacade(ScannerEngineBootstrapper.java:196)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrapCloud(ScannerEngineBootstrapper.java:161)
	at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:149)
	at org.sonarsource.scanner.cli.Main.analyze(Main.java:76)
	at org.sonarsource.scanner.cli.Main.main(Main.java:64)

Again a 403 on download.

Hey @mortenmorten, thanks for reporting this, we were not aware that the issue also affected scanner.sonarcloud.io, so our fixes so far didn’t cover this URL. I have relayed this to our team and the fix is on its way, I’ll keep you posted!

@mortenmorten the issue is mitigated on scanner.sonarcloud.io/, could you try again?

@andres Thank you! No problems on my last run.