Hello SonarCloud Support Team,
I’m trying to integrate a JavaScript/TypeScript (Node.js) project with SonarCloud through AWS CodeBuild, but I’m consistently receiving the following error during the analysis phase:
AxiosError: Request failed with status code 403
This happens even after verifying and eliminating all the common causes listed in the documentation.
Configurations and Diagnostics (All Verified)
1. Correct Scanner:
We are using the official Sonar Scanner for npm projects (sonar) as recommended in your documentation.
2. Token Validity:
The token is a newly created, permanent project token and is confirmed to be active. It’s not expired or revoked.
3. Token Injection and Environment Validation:
The token is being securely injected from AWS Secrets Manager, trimmed of any spaces (tr -d '[:space:]'), and verified to be non-empty (Token length: 58).
We have confirmed that the environment variable $SONAR_TOKEN resolves correctly within the build container.
4. Permissions:
The token has full permissions for project analysis, and the organization/project keys match exactly:
-Dsonar.host.url=https://sonarcloud.io
-Dsonar.organization=my-organization
-Dsonar.projectKey=my-project-key
5. Manual Test:
Running the exact same command locally with the same token works perfectly — analysis completes without issues.
The error only occurs within the AWS CodeBuild environment.
Question
Is there any restriction or additional configuration required for SonarCloud authentication when running from AWS CodeBuild containers (e.g., IP whitelisting, TLS, or rate-limiting)?
Or does the 403 response indicate that the token is being rejected for a specific reason on your side?
Any additional debugging flags or endpoints we can enable would be helpful.
Thank you very much for your time and support.
Please let me know if you need the full debug logs or buildspec configuration — I can share them immediately. Kind regards,
Kayke Peres
