Sonar token in sonarcloud project configuration changes value


We are integrating sonarcloud with gitlab; all our repositories are private. We are using a token generated by us, the same for all the projects and that token is defined as a group variable on gitlab. For some reason the token stored on sonarcloud is changing and the sonar check job fails due to authentication failure, as expected.
We tried to solve the issue overriding the token on sonarcloud but for some reason gets changed to a random token again

As we cannot figure out why this is happening, could you please indicate any reasons you believe might be causing this issue?

  • CI system used

    • GitLab CI/CD
  • Scanner command used when applicable

    • Maven integration as described in the documentation
    • Environment variables in GitLab CI/CD at group level (same for all projects)
  • Languages of the repository

    • Java
  • Error observed

    • The execution of the sonar check on the pipeline is behaving as expected because the environment variable SONAR_TOKEN is not different for the Token defined in sonarcloud web UI
  • Potential workaround

    • Delete the project from the organisation on sonarcloud and create the project again (as you can imagine we can’t go on like this)

Any ideas of what can be causing this issue?

Thank you very much

Hi @Maria_Lomba,
Welcome to the community!

Could you clarify what you mean by ‘overriding the token on SonarCloud’ and how you are doing that?
I invite you, if you haven’t done so yet, to go over this documentation page.


Hi @AlxO ,

Thank you very much for replying. Let me explain,

  1. Click on a project
  2. On the right hand side, Analysis method, click on the pen
  3. Click on ‘Follow the tutorial’ link under ‘With GitLab CI/CD pipeline’
  4. Click on the pen next to the token ‘Value field’ and paste the custom token
    • The tooltip for the pen says ‘Use an existing token or generate a new one’.
    • The tooltip suggests it is possible to override the random generated token
  5. Click on Continue
    • I’ve noticed that if I don’t click on Continue, the token is not saved
  6. Repeat steps 1. to 3.
    • The token ‘Value field’ should be the value I’ve entered on step 4.

We have used a similar approach to define the initial setup for the projects.

When we get this authorisation error, the token we see is not the one we’ve assigned to the project

Please don’t hesitate on asking any questions.

Thank you very much for your help

Hi @Maria_Lomba,

By design and for security reasons, generated tokens are shown once. That is why when you go through the tutorial page another time you are proposed to generate a new token.

When it comes to onboarding additional projects, I expect you would not need to trigger the tutorial for each project, but can simply run your CIs provided the SonarCloud token is correct and the permissions to the target project are correct.

Hi @AlxO,

That makes sense. Thanks for clarifying

I wonder if you have any ideas of what I could look into in order to explain (and fix) why for no apparent reason, SonarCloud returns authorisation error. I say for no apparent reason because I’m sure the token in GitLab hasn’t change and the token in SonarCloud project hasn’t change either. I wonder if something on the GitLab side could make SonarCloud unhappy about the token we are sending. I’ve looked everywhere I could think of (without judging whether it made sense or not) on the side of pipelines definition, project code/dependencies and I couldn’t find anything that could have introduced the problem. A bit of inspiration would be very helpful

Thank you Alex

Hi @Maria_Lomba,

If the error is truly an authorization error (and not an authentication error), then you may want to check what permissions the user owning the token you are using is entitled to on the targeted projects. I would typically check the ‘execute analysis permission’ for instance.

Hi @AlxO,

I will find out

Thank you very much for your help