We’ve been using Sonar Cloud for years now. Code analysis just started failing on all our pipelines with a 403 and the below error message. The org key is correct and hasnt changed.
Here is the ADO Error:
##[error]17:04:23.25 Failed to request and parse '[https://sonarcloud.io/api/qualityprofiles/search?project=omitted&organization=omitted'](https://sonarcloud.io/api/qualityprofiles/search?project=omitted&organization=omitted%27): Response status code does not indicate success: 403 ().
{
"errors": [
{
"msg": "No organization with key 'omitted''"
}
]
}
This is resolved.
Yesterday I had removed several users no longer with the company, including the user whose sonar token was used in our ADO SPN. I did check the SPN after removing this user from our org by clicking the verify button, which succeeded.
Talking with support it succeeded b/c the verify button only validates that token itself, not the access to any specific orgs/projects. B/c this user still has an account in SonarCloud the verification was successful.
I resolved my blocking issue by creating a new token for the SPN.
My feedback for SC is that it would be nice to allow us to input the ORG key in the SPN to verify token access to that org. Multiple SPNs can then be created to handle multiple Orgs.