Sonar.token property with SonarQube 10.0.0 does not work

I have performed upgrade from sonarqube 9.8 to 10.0.0 using all the environment stated in the latest documentation.

Performed SonarQube analysis and after viewing the report, ‘The last analysis warnings. See details’ is displayed. After viewing the warning, the following is shown:

I am using the sonar.token as suggested, however the warning does not clear after subsequent analysis.

Hey there.

What environment are you running the analysis in? Locally? In a CI environment (Jenkins, GitHub Actions, Bitbucket Pipelines, Azure DevOps…)

How are you adding sonar.token to the scanner command?

its run in TFS2018 as a task


the sonar.token is provided as a parameter in the additional properties as shown in attachement

This will be addressed with [VSTS-302] - Jira.

The big problem here is that with TFS 2018, you won’t be able to install the new version (which will be a v5.x release) of the Extension for Azure DevOps.

TFS 2018 has reached its mainstream EOL. If you can’t upgrade, you’ll have to:

  • Write scripts that “manually” execute the scanner and pass sonar.token
  • Attempt to fork v4.x of the extension and supply sonar.token instead of sonar.login – if all instances targeted by this Azure DevOps instance are running SonarQube v10.0.