Public project badge to gitlab 401

  • versions used: SonarQube Version 8.9 (build 43852)
  • error observed:
Request URL: https://{my.sonarqube.domain}/api/project_badges/measure?project={project-key}&metric=alert_status
Request Method: GET
Status Code: 401 
  • steps to reproduce
  1. Make your sonar project as “public”
  2. Add the badge URL to your Gitlab repository.
  3. Gitlab can’t fetch the badge because the API throws 401 error.

How to bypass this issue? I want to add the badge to the repo, avoiding the auth error.

1 Like

Hello @RaedShari
thanks for reaching out with this problem to access project badges on public projects.
Indeed there is a limitation when the SonarQube instance is set with ‘Force User Authentication’ (sonar.forceAuthentication). I guess this would be the case for your SonarQube as this is the default and recommended setup.
On such SonarQube instances, setting the project visibility to “public” provides any authenticated user the Read and Browse permissions for it (Browse is needed by this API endpoint), but anonymous calls are still rejected.

We might be able to improve this as part of MMF-1942, feel free to watch this ticket and/or vote for it.

Unfortunately I don’t have any easy solution for your problem today. I can’t recommend you to turn off the ‘Force User Authentication’ security setting and I did not find in gitlab documentation any hint about how to configure (and secure) a token for the authentication of these requests to SonarQube.
If you find something, please don’t hesitate to share any tip here.

Best regards


Thank you @Sylvain_Combe for this information. :+1:

1 Like