.NET tool 403 error

I’m trying to test support for .NET 8 application analysis locally.

Following the instructions when creating a new product in Sonarcloud for .NET projects results in a 403.

I know for certain that my credentials are correct, because I can execute the analysis using the standalone tool, as can be seen below.

./sonar-scanner-5.0.1.3006-linux/bin/sonar-scanner  \
  -Dsonar.organization=realmdigital \
  -Dsonar.projectKey=realmdigital_test \
  -Dsonar.sources=. \
  -Dsonar.host.url=https://sonarcloud.io
INFO: Scanner configuration file: sonar-scanner-5.0.1.3006-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.7 Eclipse Adoptium (64-bit)
INFO: Linux 6.5.0-35-generic amd64
INFO: User cache: .sonar/cache
INFO: Analyzing on SonarCloud
INFO: Default locale: "en_ZA", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=554ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: Loading required plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=192ms
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=16ms
INFO: Load project settings for component key: 'realmdigital_test'
INFO: Load project settings for component key: 'realmdigital_test' (done) | time=194ms
INFO: Process project properties
INFO: Project key: realmdigital_test
//snipped
ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=realmdigital_test

This obviously wont scan my .NET code, so I want to use the ‘dotnet-sonarscanner’ (version ‘6.2.0’) tool

dotnet sonarscanner begin \                                    
  /o:realmdigital \
  /k:realmdigital_test \
  /d:sonar.host.url=https://sonarcloud.io
onarScanner for MSBuild 6.2
Using the .NET Core version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories...
13:37:23.977  Updating build integration targets...
13:37:24.807  Fetching analysis configuration settings...
Unhandled exception. System.Net.Http.HttpRequestException: Response status code does not indicate success: 403.
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at SonarScanner.MSBuild.PreProcessor.WebClientDownloader.TryDownloadIfExists(String url, Boolean logPermissionDenied)
   at SonarScanner.MSBuild.PreProcessor.WebServer.SonarWebServer.DownloadQualityProfile(String projectKey, String projectBranch, String language)
   at SonarScanner.MSBuild.PreProcessor.PreProcessor.FetchArgumentsAndRuleSets(ISonarWebServer server, ProcessedArgs args, BuildSettings settings)
   at SonarScanner.MSBuild.PreProcessor.PreProcessor.DoExecute(ProcessedArgs localSettings)
   at SonarScanner.MSBuild.PreProcessor.PreProcessor.Execute(IEnumerable`1 args)
   at SonarScanner.MSBuild.BootstrapperClass.PreProcess()
   at SonarScanner.MSBuild.BootstrapperClass.Execute()
   at SonarScanner.MSBuild.Program.Execute(String[] args, ILogger logger)
   at SonarScanner.MSBuild.Program.Execute(String[] args)
   at SonarScanner.MSBuild.Program.Main(String[] args)
   at SonarScanner.MSBuild.Program.<Main>(String[] args)

As you can see, the parameters for the standalone CLI and the dotnet tool are identical, both using the SONAR_TOKEN from my environment.

Either the instructions provided by Sonarcloud are incorrect, or is there a fundamental issue with the dotnet tool.

I’d appreciate any support here, as this is an essential issue that will block our organization from adopting paid sonarcloud

Hey there.

I would expect the SONAR_TOKEN environment variable to work for both scanners.

To rule out an issue with the token itself, can you try passing the token like so?

dotnet sonarscanner begin \                                    
  /o:realmdigital \
  /k:realmdigital_test \
  /d:sonar.host.url=https://sonarcloud.io \
  /d:sonar.token="token"
dotnet build
dotnet sonarscanner end /d:sonar.token="token"

Thanks Colin

I just tried this now using /d:sonar.token="my_token" and it does work, that’s fantastic, and not really an issue, as we will be running this in a Docker builder anyway

Hey @Shaine_Gordon

Thanks for the followup! I confirm that the Scanner for .NET doesn’t use SONAR_TOKEN (Add support of environment variable to set CLI arguments/options · Issue #1761 · SonarSource/sonar-scanner-msbuild · GitHub) and the SonarCloud manual analysis tutorial should be fixed. I’m flagging this for attention.