Sonar cannot be run on PR from a fork

When I make a PR from a branch internal to my organization, Sonar runs fine. But if a fork is created and a PR is made from that fork, I get the following error:

Error: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin: (default-cli) on project todo-backend: Project not found. Please check the ‘sonar.projectKey’ and ‘sonar.organization’ properties, the ‘SONAR_TOKEN’ environment variable, or contact the project administrator → [Help 1]

This is because GitHub does not pass secrets, per the documentation:

Note: With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository.

Does anyone have a better suggestion / workaround?

This is not possible out-of-the-box, but some users have found a workaround.

You may also want to vote on this roadmap item here:

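Added example, not from the thread or from SonarSource: a GitHub Actions workflow that still builds and tests fork PRs but skips the Sonar step when the PR head is a fork, so the missing `SONAR_TOKEN` no longer fails the job. It does not analyze fork PRs. The workflow and job names, action versions, Java version, the SonarCloud host URL and the placeholder project key and organization are assumptions.

```yaml
# Added example workflow (assumed names and versions; replace the placeholders).
name: build
on:
  pull_request:
    branches: [main]

# Keep the default token read-only; fork PRs run untrusted code.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history, used by Sonar for blame data

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'

      # Runs for every PR, including forks: needs no secrets.
      - name: Build and test
        run: mvn -B verify

      # Secrets are empty on fork PRs, so run analysis only when the PR
      # head branch lives in this repository.
      - name: Sonar analysis
        if: github.event.pull_request.head.repo.full_name == github.repository
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: >
          mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
          -Dsonar.host.url=https://sonarcloud.io
          -Dsonar.projectKey=PLACEHOLDER_PROJECT_KEY
          -Dsonar.organization=PLACEHOLDER_ORG
```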