Sonar-java-plugin latest version 6.5.1.22586 broken (HTTP 401 Unauthorized response)

In the directory JFrog the file JFrog contains an entry for version 6.5.1.22586, and that directory exists. However, when browsing the directory, the directory is empty, and when trying to download the expected artifacts, the response is 401 Unauthorized.

This breaks dependency scanners which, due to the entry in maven-metadata.xml, report that version 6.5.1.22586 exists for an update, and then it breaks builds, because when configuring to that version, SonarLint cannot run because the version cannot be downloaded.

Hello, thanks for asking!

If I understand correctly, the behavior you observe is caused by a community plugin for Gradle.

I suggest that you raise an issue on the plugin author’s GitLab - this is not a SonarSource official product (one could even wager that it is in more or less direct competition with some of our products), and it is abusing the Artifactory instance that we use for the development of our products.

For the record, officially released artifacts are made available on Maven Central, binaries.sonarsource.com and IDE/ALM marketplaces where applicable. Artifacts deployed on repox.sonarsource.com are not meant for direct consumption by end users and can be deleted without notice.