CI system used: GitLab CI
Scanner command used (if applicable): gradle sonar
(With the rest of the configuration in our gradle build script)
Languages of the repository: Kotlin
Error observed:
We’re experiencing failed analyses only for Merge Request pipelines:
Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator to check the permissions of the user the token belongs to
However, analysis works fine for our main branch. All pipelines use the exact same configuration, and they all have the same access to GitLab variables, including SONAR_TOKEN.
We’re on a paid plan and part of an organization.
Failed runs do not appear at SonarQube Cloud.
I can confirm the setup used to work — we had successful analyses for branches and merge requests. This behavior suddenly stopped around the end of April, without any configuration changes on our side.
I’ve tried everything I can think of, but at this point, I’m completely out of ideas. Any help would be greatly appreciated
Edit:
Adding a little bit more information about our setup:
Relevant section from build.gradle.kts
sonar {
properties {
// Sources
property("sonar.projectKey", "<projectkey>")
property("sonar.projectName", "<projectName>")
property("sonar.organization", "<organizationName>")
property("sonar.token", System.getenv("SONAR_TOKEN"))
property("sonar.host.url", System.getenv("SONAR_HOST_URL"))
property("sonar.exclusions", "**/*.java, **/build/**")
property("sonar.tests", "src/test/kotlin,src/integrationTest/kotlin")
// Coverage Reports
property("sonar.core.codeCoveragePlugin", "jacoco")
// Security Reports
property("sonar.dependencyCheck.jsonReportPath", "$securityVulnerabilitiesReportsDirectory/dependency-check-report.json")
property("sonar.dependencyCheck.htmlReportPath", "$securityVulnerabilitiesReportsDirectory/dependency-check-report.html")
}
}