This would indicate that the token provided to your SonarCloud Service Connection (that you’ve then elected to use in your Azure DevOps pipeline configuration) doesn’t have the correct permissions.
I would recommend using a new token generated from SonarCloud, generated by a user you’re sure has access to the project in question.
While this indicates a successful connection to SonarCloud, it doesn’t mean that token has rights on the project. Did you generate a new token that is being used here, from a user you know has access to the project you’re trying to analyze?
I’m having the same issue here. Full permission to my user on organization and project. Fresh token, and still having de 403 response.
One thing that I noticed, I’m using the SonarScanner with the following command:
SonarScanner.MSBuild.exe begin /o:“my-organization” /k:“my-project-key” /d:sonar.host.url=“https://sonarcloud.io” /d:sonar.token=“my-token”
On my profile, in security section, I can see the token that was generated, and it shows the token was never used.
I generated another token, and tried again, and still have de 403 response and the new token also shows it was never used.
So, I did use the first one token to connect SonarLint on Visual Studio and it was done with no errors, and after that, the token shows it was used less than one hour ago.
What is possibly wrong with the command I’m using that the token seems not being using on the request?
Well, after all, I just discovered I was using an old version of sonar scanner that does not support sonar.token parameter. I updated to the latest version and it says now supports sonar.token parameter as well as token.login