ALM used (GitHub, Bitbucket Cloud, Azure DevOps)
GitHub
CI system used (Bitbucket Cloud, Azure DevOps, Travis CI, Circle CI)
CircleCI
Scanner command used when applicable (private details masked)
sonar-scanner -Dsonar.projectKey=drdk_drn-city-map-quiz -Dsonar.branch.name=master -Dsonar.organization=drdk -Dsonar.sources=. -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=***************************************
Languages of the repository
We’ve seen this with both .net core and nodejs - even static apps
Only if the SonarCloud project is public, the URL
private
And if you need help with pull request decoration, then the URL to the PR too
n/a
Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
09:15:20.722 INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
09:15:20.726 INFO: Project root configuration file: NONE
09:15:20.771 INFO: SonarScanner 4.3.0.2102
09:15:20.771 INFO: Java 11.0.5 Alpine (64-bit)
09:15:20.771 INFO: Linux 4.15.0-1067-aws amd64
09:15:20.983 DEBUG: keyStore is :
09:15:20.984 DEBUG: keyStore type is : pkcs12
09:15:20.984 DEBUG: keyStore provider is :
09:15:20.984 DEBUG: init keystore
09:15:20.984 DEBUG: init keymanager of type SunX509
09:15:21.148 DEBUG: Create: /root/.sonar/cache
09:15:21.150 INFO: User cache: /root/.sonar/cache
09:15:21.150 DEBUG: Create: /root/.sonar/cache/_tmp
09:15:21.153 DEBUG: Extract sonar-scanner-api-batch in temp...
09:15:21.159 DEBUG: Get bootstrap index...
09:15:21.160 DEBUG: Download: https://sonarcloud.io/batch/index
09:15:21.820 DEBUG: Get bootstrap completed
09:15:21.826 DEBUG: Create isolated classloader...
09:15:21.838 DEBUG: Start temp cleaning...
09:15:21.843 DEBUG: Temp cleaning done
09:15:21.843 INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
09:15:21.844 INFO: Project root configuration file: NONE
09:15:21.845 INFO: Analyzing on SonarCloud
09:15:21.845 INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
09:15:21.846 DEBUG: Work directory: /root/project/.scannerwork
09:15:21.848 DEBUG: Execution execute
09:15:22.272 DEBUG: SonarCloud 8.0.0.8914
09:15:22.574 INFO: Load global settings
09:15:23.159 DEBUG: GET 200 https://sonarcloud.io/api/settings/values.protobuf | time=583ms
09:15:23.168 INFO: Load global settings (done) | time=595ms
09:15:23.175 INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
09:15:23.178 INFO: User cache: /root/.sonar/cache
09:15:23.183 INFO: Load/download plugins
09:15:23.183 INFO: Load plugins index
09:15:23.281 DEBUG: GET 200 https://sonarcloud.io/api/plugins/installed | time=98ms
09:15:23.325 INFO: Load plugins index (done) | time=142ms
09:15:23.776 INFO: Load/download plugins (done) | time=593ms
09:15:23.951 DEBUG: Plugins:
09:15:23.951 DEBUG: * SonarCSS 1.2.0.1325 (cssfamily)
09:15:23.951 DEBUG: * SonarPLSQL 3.4.1.2576 (plsql)
09:15:23.951 DEBUG: * SonarScala 1.7.0.883 (sonarscala)
09:15:23.951 DEBUG: * C# Code Quality and Security 8.8.0.18411 (csharp)
09:15:23.951 DEBUG: * Vulnerability Analysis 8.4.0-M1.2226 (security)
09:15:23.951 DEBUG: * Java Code Quality and Security 6.5.0.22421 (java)
09:15:23.951 DEBUG: * SonarHTML 3.2.0.2082 (web)
09:15:23.951 DEBUG: * SonarFlex 2.5.1.1831 (flex)
09:15:23.951 DEBUG: * SonarXML 2.0.1.2020 (xml)
09:15:23.951 DEBUG: * SonarTS 2.1.0.4359 (typescript)
09:15:23.951 DEBUG: * VB.NET Code Quality and Security 8.8.0.18411 (vbnet)
09:15:23.952 DEBUG: * SonarSwift 4.2.2.77 (swift)
09:15:23.952 DEBUG: * CFamily Code Quality and Security 6.10.0.18490 (cpp)
09:15:23.952 DEBUG: * Python Code Quality and Security 2.12.0.7065 (python)
09:15:23.952 DEBUG: * JaCoCo 1.1.0.898 (jacoco)
09:15:23.952 DEBUG: * Mercurial 1.1.2 (scmmercurial)
09:15:23.952 DEBUG: * SonarGo 1.7.0.883 (go)
09:15:23.952 DEBUG: * SonarKotlin 1.7.0.883 (kotlin)
09:15:23.952 DEBUG: * SonarTSQL 1.4.0.3334 (tsql)
09:15:23.952 DEBUG: * SonarApex 1.7.0.883 (sonarapex)
09:15:23.952 DEBUG: * SonarJS 6.2.1.12157 (javascript)
09:15:23.952 DEBUG: * SonarRuby 1.7.0.883 (ruby)
09:15:23.952 DEBUG: * Vulnerability Rules for C# 8.4.0-M1.2226 (securitycsharpfrontend)
09:15:23.953 DEBUG: * Vulnerability Rules for Java 8.4.0-M1.2226 (securityjavafrontend)
09:15:23.953 DEBUG: * License for SonarLint 8.0.0.8914 (license)
09:15:23.953 DEBUG: * SonarCOBOL 4.4.0.3403 (cobol)
09:15:23.953 DEBUG: * Vulnerability Rules for Python 8.4.0-M1.2226 (securitypythonfrontend)
09:15:23.953 DEBUG: * Git 1.11.1.2008 (scmgit)
09:15:23.954 DEBUG: * PHP Code Quality and Security 3.5.0.5655 (php)
09:15:23.956 DEBUG: * SonarABAP 3.8.0.2034 (abap)
09:15:23.956 DEBUG: * Vulnerability Rules for PHP 8.4.0-M1.2226 (securityphpfrontend)
09:15:23.994 INFO: Loaded core extensions: developer-scanner
09:15:24.025 DEBUG: Installed core extension: developer-scanner
09:15:24.938 INFO: Process project properties
09:15:24.948 DEBUG: Process project properties (done) | time=10ms
09:15:24.950 INFO: Execute project builders
09:15:24.951 DEBUG: Execute project builder: org.sonar.plugins.csharp.CSharpGlobalProtobufFileProcessor
09:15:24.954 DEBUG: Execute project builder: org.sonar.plugins.vbnet.VbNetGlobalProtobufFileProcessor
09:15:24.956 INFO: Execute project builders (done) | time=6ms
09:15:24.958 INFO: Project key: drdk_drn-city-map-quiz
09:15:24.958 INFO: Base dir: /root/project
09:15:24.958 INFO: Working dir: /root/project/.scannerwork
09:15:24.958 DEBUG: Project global encoding: UTF-8, default locale: en_US
09:15:24.961 DEBUG: Creating module hierarchy
09:15:24.961 DEBUG: Init module 'drdk_drn-city-map-quiz'
09:15:24.962 DEBUG: Base dir: /root/project
09:15:24.962 DEBUG: Working dir: /root/project/.scannerwork
09:15:24.962 DEBUG: Module global encoding: UTF-8, default locale: en_US
09:15:25.078 INFO: Load project settings for component key: 'drdk_drn-city-map-quiz'
09:15:25.181 DEBUG: GET 404 https://sonarcloud.io/api/settings/values.protobuf?component=drdk_drn-city-map-quiz | time=103ms
09:15:25.267 INFO: Found an active CI vendor: 'CircleCI'
09:15:25.270 INFO: Load project branches
09:15:25.363 DEBUG: GET 404 https://sonarcloud.io/api/project_branches/list?project=drdk_drn-city-map-quiz | time=92ms
09:15:25.363 DEBUG: Could not process project branches - continuing without it
09:15:25.364 INFO: Load project branches (done) | time=94ms
09:15:25.367 INFO: Check ALM binding of project 'drdk_drn-city-map-quiz'
09:15:25.460 DEBUG: GET 404 https://sonarcloud.io/api/alm_integration/is_project_bound?project=drdk_drn-city-map-quiz | time=92ms
09:15:25.460 INFO: Detected project binding: NONEXISTENT
09:15:25.461 INFO: Check ALM binding of project 'drdk_drn-city-map-quiz' (done) | time=94ms
09:15:25.463 INFO: Load project pull requests
09:15:25.554 DEBUG: GET 404 https://sonarcloud.io/api/project_pull_requests/list?project=drdk_drn-city-map-quiz | time=90ms
09:15:25.554 DEBUG: Could not process project pull requests - continuing without it
09:15:25.556 INFO: Load project pull requests (done) | time=93ms
09:15:25.559 INFO: Load branch configuration
09:15:25.560 DEBUG: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
09:15:25.568 INFO: ------------------------------------------------------------------------
09:15:25.569 INFO: EXECUTION FAILURE
09:15:25.569 INFO: ------------------------------------------------------------------------
09:15:25.569 INFO: Total time: 4.857s
09:15:25.660 INFO: Final Memory: 7M/80M
09:15:25.660 INFO: ------------------------------------------------------------------------
09:15:25.660 ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Unable to load component class org.sonar.scanner.scan.filesystem.InputComponentStore
at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:51)
at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
at org.picocontainer.DefaultPicoContainer.instantiateComponentAsIsStartable(DefaultPicoContainer.java:1034)
at org.picocontainer.DefaultPicoContainer.addAdapterIfStartable(DefaultPicoContainer.java:1026)
at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1003)
at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:121)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:108)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:126)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:122)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:108)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:58)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:52)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Unable to load component interface org.sonar.scanner.scan.branch.BranchConfiguration
at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:51)
at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:49)
... 34 more
Caused by: Could not find a default branch to fall back on.
Steps to reproduce
The projects that are hit by this just won’t work.
We have the exact same script, same CI, same GitHub org working just fine with other old AND new repos.
Potential workaround
none…
tried:
- resetting our GitHub<->SonarCloud authorization
- won’t run if I run it locally with the latest Linux CLI
- won’t run if I run it locally with the latest Windows CLI
This may be caused by insufficient permissions on the token that you supplied.
The permissions used are those of the user who created the access token, so you should check if you have 'Execute Analysis' permission for those failing projects.
Another possibility is that the projectKey is not valid.
It is possible that the project key of that project was updated, could you please double-check that the project key you have configured is the same as the key on SonarCloud?
The project key used by the scanner is drdk_drn-city-map-quiz, is that the same key as what you see when you navigate to the project on SonarCloud and click on Administration > Update Project Key?
You have to create your project first through the SonarCloud UI, only then can you execute your first scan. Can you find the project you want to analyze on the SonarCloud UI?
We are experiencing the same issue, and what I think Stefan means is that the project does not yet exist. It used to work in such a way that the project would automatically be created on the first scan of a project. It would use the provided key for this new project.
I have the same situation where I have a new project that has not been scanned before. When scanning it I get the same error, also with the NONEXISTENT message on the project bind:
We are currently working on dropping the feature that allows you to create your project from the first scan. We prefer projects that are linked to their respective ALM (GitHub, GitLab, Bitbucket Cloud, Azure DevOps) because we offer a lot more features when this link exists.
That being said, we are still working on dropping that, so what you are experiencing seems to be a regression. When we drop the feature we will provide a clear message in the scan output.
It would help me a lot if you could specify which CI you were running on and with which properties you launch the scan.
I am running Azure DevOps and use the SonarCloud pipeline tasks. I use the following properties:
SonarCloud: our sonar cloud service connection in Azure DevOps
organization: our organization name
projectKey: our unique project identifier
projectName: same as projectKey
projectVersion: the unique build number of running pipeline
Is this no longer the recommended way of doing it? I am puzzled by this, since this is by far the most convenient way of setting up new projects.
What I have done by the way is write an Azure function that is called by a webhook on project creation which sets up our PR integration settings for the new project.
Are you trying to auto-provision new projects when analysing pull requests? If yes, then this will work only on the default branch of the repo, since on our side we will need at least a first analysis on that branch to be able to analyse PRs after.
Out of curiosity, why do you need to create many projects at once (I don’t know how many per day/week/month)? Is there anything that keeps you from doing that through the SC UI?
We have 12 teams all creating projects and analyzing them through Azure DevOps pipelines. They have never used the SonarCloud UI to create a project, and not all users have permission to create a new project from SonarCloud UI either.
It is just that changing an automated process to include a new manual step is… hard to sell as a DevOps engineer… when I have been pushing them to automate as much as possible.
Kind Regards,
Jeroen
Ps. Didn’t you fix that PR branch analysis thing needing to be done on default branch first? Or at least kept it from breaking the build?
Thanks for your hint, we will think again about that when we’ll be working on that spec phase.
Do those teams analyze PRs as well on their projects? If yes, how do they set each PAT for each project? Please note that one of the advantages of moving to a strong binding will be (among other things) to have an organization-wide PAT which will be able to decorate all the projects.
Sorry, I don’t get your point here, what did you mean?
They almost exclusively use PR decoration for their SonarCloud work. As specified in an earlier post, I’ve set up a webhook and SonarCloud API access to configure projects automatically with a PAT upon project creation.
It is unclear to me what this strong binding is that you talk about, I see no option for organization wide PAT binding anywhere. Also if a PAT can be organization wide, would it not be automatically created for new projects anyway (even if they are created by an initial analysis)?
Regarding my ps. point: We used to receive messages on new projects indicating that we first needed to scan the default branch (master, currently) before a PR could be scanned. However, I have not received this message in a while for new projects making me think that this requirement was lifted some time ago.
That’s normal, this new feature has not been implemented yet.
And that’s certainly the reason why it’s failing: the requirement is still there, you should analyze the default branch of your repo before doing anything else. I’m going to have a look at that.
So we tracked down the most likely culprit, which would be an error happening during project creation. As part of our CI/CD pipeline onboarding flow, when a new application is created in our pipeline, the sonar project is created via the following script:
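```typescript
import axios, { AxiosRequestConfig } from 'axios';
import FormData from 'form-data';
// Config is the poster's own settings module; its import is not shown in the post.

export default class SonarCloudService {
  public async addProject(repositoryName, repositoryId): Promise<void> {
    // The repository is passed to the provisioning endpoint as "<org>/<repo>|<id>".
    const form = new FormData();
    form.append('installationKeys', `drdk/${repositoryName}|${repositoryId}`);
    form.append('organization', 'drdk');
    const config: AxiosRequestConfig = {
      // The token is sent as the basic-auth username with an empty password.
      auth: {
        username: Config.SonarToken(),
        password: ''
      },
      headers: form.getHeaders()
    };
    await axios.post('https://sonarcloud.io/api/alm_integration/provision_projects', form, config);
  }
}
```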
We can’t see any errors or timeouts in our logs, but we can confirm that the projects that are failing aren’t created/don’t exist in SonarCloud. So we will need to create a more robust setup here; interestingly, we haven’t seen this happen until ~1 month ago.
As Vossekop also mentions regarding their users, everything is set up automatically with our setup too. Users will simply get a scan result and link to the dashboard. They aren’t expected to configure anything in SonarCloud (initially); only if they require more advanced filtering or setups do they request access and can configure whatever they need.
Thanks for your explanations! That clears things up.
There are two slightly different scenarios here, but they end up with the same result.
You are using a custom script to automatically create a project, whereas @Vossekop expects the sonar-scanner to create the project automatically.
In the case of @Vossekop the project only gets created on SonarCloud side when the scan is complete, so during the scan the project is not available yet. In the case of @StefanMadsen your custom script fails to create the project on SonarCloud side, so during the scan the project is not available either.
It seems that we broke something when the scanner runs on a project that is not known on SonarCloud side. As @mickaelcaro noted, this probably only happens when the analysis that is done is not a main branch analysis. If it is done in the context of a PR, the scanner will automatically detect this from the CI and fail if it can’t find any branch on SonarCloud side (like you mentioned, @Vossekop, we do support scanning a PR without having scanned the base branch first, so the scanner should not fail here, and it wouldn’t have failed if your project was already created on SonarCloud).
However, as @mickaelcaro and I mentioned before, we plan to stop supporting running scans on projects that do not exist on SonarCloud side soon. That means that the scenario that @Vossekop is using won’t be supported anymore. However, we have noted your feedback and will look into supporting your use case.
I will follow up with @StefanMadsen privately to see why the creation of the project using the API failed. However, the api/alm_integration/provision_projects API is currently an internal one; this means that it can change at any time without any warning.
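The diagnosis reached in this thread can be read off the scanner's debug log: the global API calls return 200, every call that carries the project key returns 404, and the binding is reported as NONEXISTENT. The following TypeScript is an added example, not code from SonarSource or from the posters, that extracts those signals from a log; the function names and verdict labels are assumptions made for the example, and the sample lines are an excerpt of the log posted above.

```typescript
type Verdict = "PROJECT_NOT_VISIBLE" | "GLOBAL_CALLS_FAILING" | "NO_PROJECT_ISSUE_SEEN";

interface Call { status: number; url: string; }
interface Triage {
  projectKey: string | null;
  binding: string | null;
  missingEndpoints: string[]; // project-scoped API paths that returned 404
  verdict: Verdict;
}

// Excerpt of the debug log posted in this thread.
const FAILING_LOG = [
  "09:15:23.159 DEBUG: GET 200 https://sonarcloud.io/api/settings/values.protobuf | time=583ms",
  "09:15:24.958 INFO: Project key: drdk_drn-city-map-quiz",
  "09:15:25.181 DEBUG: GET 404 https://sonarcloud.io/api/settings/values.protobuf?component=drdk_drn-city-map-quiz | time=103ms",
  "09:15:25.363 DEBUG: GET 404 https://sonarcloud.io/api/project_branches/list?project=drdk_drn-city-map-quiz | time=92ms",
  "09:15:25.460 DEBUG: GET 404 https://sonarcloud.io/api/alm_integration/is_project_bound?project=drdk_drn-city-map-quiz | time=92ms",
  "09:15:25.460 INFO: Detected project binding: NONEXISTENT",
].join("\n");

// True when any query parameter of the URL carries the project key as its value.
function isProjectScoped(url: string, key: string): boolean {
  const query = url.split("?")[1] || "";
  return query.split("&").some(function (pair) {
    return decodeURIComponent(pair.split("=")[1] || "") === key;
  });
}

// Classify a scanner debug log by comparing global and project-scoped API results.
function triageScannerLog(log: string): Triage {
  let projectKey: string | null = null;
  let binding: string | null = null;
  const calls: Call[] = [];
  for (const line of log.split(/\r?\n/)) {
    // Drop the "HH:MM:SS.mmm LEVEL: " prefix; lines without it (stack frames) are skipped.
    const m = /^\d{2}:\d{2}:\d{2}\.\d{3} [A-Z]+: (.*)$/.exec(line);
    if (!m) continue;
    const msg = m[1];
    const k = /^Project key: (\S+)$/.exec(msg);
    const b = /^Detected project binding: (\S+)$/.exec(msg);
    const c = /^GET (\d{3}) (\S+)/.exec(msg);
    if (k) projectKey = k[1];
    if (b) binding = b[1];
    if (c) calls.push({ status: parseInt(c[1], 10), url: c[2] });
  }
  const key = projectKey;
  const scoped: Call[] = key === null ? []
    : calls.filter(function (call) { return isProjectScoped(call.url, key); });
  const globalCalls = calls.filter(function (call) { return scoped.indexOf(call) < 0; });
  const missingEndpoints = scoped
    .filter(function (call) { return call.status === 404; })
    .map(function (call) { return call.url.split("?")[0].replace(/^https?:\/\/[^/]+/, ""); });
  let verdict: Verdict = "NO_PROJECT_ISSUE_SEEN";
  if (globalCalls.some(function (call) { return call.status >= 400; })) {
    verdict = "GLOBAL_CALLS_FAILING";
  } else if (scoped.length > 0 && missingEndpoints.length === scoped.length) {
    // The server answers, but nothing under this key is visible to the token:
    // project never created, project key mismatch, or missing permission.
    verdict = "PROJECT_NOT_VISIBLE";
  }
  return { projectKey: projectKey, binding: binding, missingEndpoints: missingEndpoints, verdict: verdict };
}
```

A `PROJECT_NOT_VISIBLE` verdict does not separate the three causes raised in the replies (project not created, wrong key, token without 'Execute Analysis' permission); it only shows that the failure is on the project lookup rather than in the scanner itself.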