Sonar.login credential stopped working

I’m not entirely certain this is the right place to seek for help with non-public projects, but since I can’t find anywhere else starting from the contact page:

My organisation’s SonarCloud credential (used in sonar.login in our project’s POMs) stopped working halfway through 1 February. (It was working at 10:10 UTC and had ceased working by at 14:46 UTC). A colleague attempted to contact SonarCloud over the issue, but did not receive a response; hence I am re-raising the issue now.

This applies to all projects in the organisation rewe-marketplace-services.

Is there someone here who can help me with this?

Hey @Michael_Grant_RD

Most likely somebody in your organizing revoked the token being used. You could always try using it in a curl command to see if it’s still valid.

curl -u token:

The other possibility (if the token is still valid) is that the user for whom the token was generated no longer has Execute Analysis permissions.

I would first check these things. You may need to generate a new token. We typically don’t recommend keeping the token in a pom.xml file, as this would compromise the token to anybody who has access to the file. Usually the tutorials on SonarCloud will suggest you store this in a secret environment variable (depending on the CI).

Dear Colin,

Thanks for your help. I get 401 Unauthorized with the above call; I presume this means the token is no longer valid. Is there any way to find out which user the token was generated for? We have a setup here in which my department was sold from one business to another, and I don’t know which business originally generated the token.

(BTW, the token is not stored in the POM, but passed into it from a Jenkins credential via an environmental variable.)

Hey there.

There’s no way to trace a revoked token back to the user.

If that’s the case, it should be pretty easy to generate a new token and substitute it, assuming you have access to a user with the right permissions.