I’m trying to test support for .NET 8 application analysis locally.
Following the instructions when creating a new product in Sonarcloud for .NET projects results in a 403.
I know for certain that my credentials are correct, because I can execute the analysis using the standalone tool, as can be seen below.
./sonar-scanner-5.0.1.3006-linux/bin/sonar-scanner \
-Dsonar.organization=realmdigital \
-Dsonar.projectKey=realmdigital_test \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarcloud.io
INFO: Scanner configuration file: sonar-scanner-5.0.1.3006-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.7 Eclipse Adoptium (64-bit)
INFO: Linux 6.5.0-35-generic amd64
INFO: User cache: .sonar/cache
INFO: Analyzing on SonarCloud
INFO: Default locale: "en_ZA", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=554ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: Loading required plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=192ms
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=16ms
INFO: Load project settings for component key: 'realmdigital_test'
INFO: Load project settings for component key: 'realmdigital_test' (done) | time=194ms
INFO: Process project properties
INFO: Project key: realmdigital_test
//snipped
ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=realmdigital_test
This obviously wont scan my .NET code, so I want to use the ‘dotnet-sonarscanner’ (version ‘6.2.0’) tool
dotnet sonarscanner begin \
/o:realmdigital \
/k:realmdigital_test \
/d:sonar.host.url=https://sonarcloud.io
onarScanner for MSBuild 6.2
Using the .NET Core version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories...
13:37:23.977 Updating build integration targets...
13:37:24.807 Fetching analysis configuration settings...
Unhandled exception. System.Net.Http.HttpRequestException: Response status code does not indicate success: 403.
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at SonarScanner.MSBuild.PreProcessor.WebClientDownloader.TryDownloadIfExists(String url, Boolean logPermissionDenied)
at SonarScanner.MSBuild.PreProcessor.WebServer.SonarWebServer.DownloadQualityProfile(String projectKey, String projectBranch, String language)
at SonarScanner.MSBuild.PreProcessor.PreProcessor.FetchArgumentsAndRuleSets(ISonarWebServer server, ProcessedArgs args, BuildSettings settings)
at SonarScanner.MSBuild.PreProcessor.PreProcessor.DoExecute(ProcessedArgs localSettings)
at SonarScanner.MSBuild.PreProcessor.PreProcessor.Execute(IEnumerable`1 args)
at SonarScanner.MSBuild.BootstrapperClass.PreProcess()
at SonarScanner.MSBuild.BootstrapperClass.Execute()
at SonarScanner.MSBuild.Program.Execute(String[] args, ILogger logger)
at SonarScanner.MSBuild.Program.Execute(String[] args)
at SonarScanner.MSBuild.Program.Main(String[] args)
at SonarScanner.MSBuild.Program.<Main>(String[] args)
As you can see, the parameters for the standalone CLI and the dotnet tool are identical, both using the SONAR_TOKEN from my environment.
Either the instructions provided by Sonarcloud are incorrect, or is there a fundamental issue with the dotnet tool.
I’d appreciate any support here, as this is an essential issue that will block our organization from adopting paid sonarcloud