SonarCloud analysis on master branch results in broken builds on all other PRs on GitHub

I integrated SonarCloud into Apache Creadur RAT with a separate GHA YML:

Analysis runs well on master branch, but all PRs run into broken builds, e.g.

The error log indicates an error within the SonarQube analysis:

[INFO] Load project branches
[INFO] Load project branches (done) | time=286ms
[INFO] Load project settings for component key: 'apache_creadur-rat'
[INFO] Load project settings for component key: 'apache_creadur-rat' (done) | time=237ms

Error:  Error during SonarScanner Engine execution

org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@1e4bccdf-org.sonar.scanner.scan.ModuleIndexer': Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@1e4bccdf-org.sonar.scanner.scan.filesystem.InputComponentStore': Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'BranchConfiguration' defined in org.sonar.scanner.scan.branch.BranchConfigurationProvider: Unsatisfied dependency expressed through method 'provide' parameter 0: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@1e4bccdf-com.sonarsource.branch.BranchConfigurationLoaderImpl': Unsatisfied dependency expressed through constructor parameter 1: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@1e4bccdf-com.sonarsource.branch.PrBranchConfigurationBuilder': Unsatisfied dependency expressed through constructor parameter 3: Error creating bean with name 'ProjectBindingFlag' defined in org.sonar.scanner.scan.branch.ProjectBindingFlagProvider: Unsatisfied dependency expressed through method 'provide' parameter 1: Error creating bean with name 'ProjectConfiguration' defined in org.sonar.scanner.scan.ProjectConfigurationProvider: Unsatisfied dependency expressed through method 'provide' parameter 5: Error creating bean with name 'FeatureFlagSettings' defined in org.sonar.scanner.featureflag.FeatureFlagSettingsProvider: Unsatisfied dependency expressed through method 'provide' parameter 0: Error creating bean with name 'FeatureFlags' defined in org.sonar.scanner.featureflag.FeatureFlagSettingsProvider: Failed to instantiate [org.sonar.scanner.extension.api.FeatureFlags]: Factory method 'provide' threw exception with message: Cannot invoke "java.util.Map.entrySet()" because "<parameter1>" is null
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:804)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:240)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1395)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1232)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:569)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:529)
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:339)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:373)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:337)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.instantiateSingleton(DefaultListableBeanFactory.java:1221)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingleton(DefaultListableBeanFactory.java:1187)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:1123)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:987)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:627)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:209)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:189)
	at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:146)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:210)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:189)
	at org.sonar.scanner.bootstrap.ScannerMain.runScannerEngine(ScannerMain.java:143)
	at org.sonar.scanner.bootstrap.ScannerMain.run(ScannerMain.java:58)
	at org.sonar.scanner.bootstrap.ScannerMain.main(ScannerMain.java:42)

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@1e4bccdf-org.sonar.scanner.scan.filesystem.InputComponentStore': Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'BranchConfiguration' defined in org.sonar.scanner.scan.branch.BranchConfigurationProvider: Unsatisfied dependency expressed through method 'provide' parameter 0: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@1e4bccdf-com.sonarsource.branch.BranchConfigurationLoaderImpl': Unsatisfied dependency expressed through constructor parameter 1: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@1e4bccdf-com.sonarsource.branch.PrBranchConfigurationBuilder': Unsatisfied dependency expressed through constructor parameter 3: Error creating bean with name 'ProjectBindingFlag' defined in org.sonar.scanner.scan.branch.ProjectBindingFlagProvider: Unsatisfied dependency expressed through method 'provide' parameter 1: Error creating bean with name 'ProjectConfiguration' defined in org.sonar.scanner.scan.ProjectConfigurationProvider: Unsatisfied dependency expressed through method 'provide' parameter 5: Error creating bean with name 'FeatureFlagSettings' defined in org.sonar.scanner.featureflag.FeatureFlagSettingsProvider: Unsatisfied dependency expressed through method 'provide' parameter 0: Error creating bean with name 'FeatureFlags' defined in org.sonar.scanner.featureflag.FeatureFlagSettingsProvider: Failed to instantiate [org.sonar.scanner.extension.api.FeatureFlags]: Factory method 'provide' threw exception with message: Cannot invoke "java.util.Map.entrySet()" because "<parameter1>" is null
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:804)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:240)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1395)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1232)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:569)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:529)
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:339)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:373)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:337)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
	at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:254)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1760)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1643)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:913)
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:791)
	... 22 common frames omitted

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'BranchConfiguration' defined in org.sonar.scanner.scan.branch.BranchConfigurationProvider: Unsatisfied dependency expressed through method 'provide' parameter 0: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@1e4bccdf-

Is this an application error on the side of SonarQube or is something wrong with my configuration?

Thanks

Hi,

Welcome to the community and thanks for this report!

Given how much is already going on in your log, I hesitate to ask this, but could you add -X to your Maven command so we get debug logging, try again, and post a pointer to new new log?

 
Thx,
Ann

Thanks for reaching out - I’ve added the “-X -e” parameters to the Maven call.

Existing PRs such as WIP: RAT-530: Prepare for a 0.18 release by ottlinger · Pull Request #601 · apache/creadur-rat · GitHub became green after a rebase.

I’m waiting for a freshly created branch (e.g. dependabot) ….

not sure if this problem related to the general GitHubAction problems of 2026-01-07, but will keep you updated.

Cheers

Hi,

after adding “-X -e” to the command line call the log output is cut on GitHubActions so that I can only see the first 50 lines ….. thus I’m unable to see any stacktraces/more error messages.

e.g. Fix typo · apache/creadur-rat@55ee4e3 · GitHub

Above stacktrace indicates something within the Sonar-application so my hope was that someone can trace it back within your own code.

Thanks

Hi,

Hah! It did that to me at first too. I went to other windows to investigate possible causes and when I came back, the rest of the log started loading. All 128,834 lines… before the truncation Fortunately, it’s aaall there in the raw version of the log.

And this looks like an analysis of master?

2026-01-09T09:10:13.8740861Z [INFO] Auto-configuring branch master

That ended successfully?

2026-01-09T09:11:08.6769341Z [INFO] ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=apache_creadur-rat&branch=master

For reference, here’s my somewhat-cleaned-up copy of the log.
log.log (5.3 MB)

 
Ann

The situation is still the same - freshly created PRs fail the SonarCloud build:

• RAT-498: Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 by dependabot[bot] · Pull Request #609 · apache/creadur-rat · GitHub *
  Log output:

Unfortunately my Chrome does not load the log, so I only see the first couple of lines.

Can you see more of the errror message?
Thx

Hi,

Here’s the root:

What DevOps platform are we dealing with here? It’s likely that the PAT you’ve set at the project level has expired. It’s used only in a PR context, which would explain why only PRs fail.

 
Ann

SONAR_TOKEN is passed as a project secret via GitHub. As the builds are working properly on branch master I suspected it is a problem within the GitHubAction script I linked above.

The script is taken from the sonarcloud documentation ….. HTH

I tried finding the root cause again. As the analysis on branch master runs throught successfully with the same script I’m unsure if the error message is the correct cause:

2026-01-16T00:36:43.6383210Z Caused by: org.sonar.api.utils.MessageException: Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator to check the permissions of the user the token belongs to

The projectKey and organisation values are passed in as parameters and the same SONAR_TOKEN is used that was issued quite recently. Any more hints where to look at?

Update: As the analysis from branch master seems to be updated I assume organization and projectId are correct:

Thanks again

Hi,

Here’s where we are:

2026-01-12T00:41:40.0621688Z [INFO] Check ALM binding of project 'apache_creadur-rat'
2026-01-12T00:41:40.0628959Z [DEBUG] --> GET https://sonarcloud.io/api/alm_integration/is_project_bound?project=apache_creadur-rat
2026-01-12T00:41:40.1627946Z [DEBUG] <-- 401 https://sonarcloud.io/api/alm_integration/is_project_bound?project=apache_creadur-rat (99ms, unknown-length body)
2026-01-12T00:41:40.1628849Z [WARNING] Failed to check if project 'apache_creadur-rat' is bound
2026-01-12T00:41:40.1629485Z [INFO] Detected project binding: ERROR
2026-01-12T00:41:40.1632305Z [INFO] Check ALM binding of project 'apache_creadur-rat' (done) | time=101ms
2026-01-12T00:41:40.1654594Z [INFO] Load project pull requests
...
2026-01-12T00:41:40.3623017Z [INFO] Load project pull requests (done) | time=196ms
2026-01-12T00:41:40.3651897Z [INFO] Load branch configuration
2026-01-12T00:41:40.3665357Z [INFO] Github event: pull_request
2026-01-12T00:41:40.3733299Z [INFO] Auto-configuring pull request 609
2026-01-12T00:41:40.3737706Z [INFO] Load branch configuration (done) | time=9ms
...
2026-01-12T00:41:40.3847961Z [INFO] Load quality profiles
...
2026-01-12T00:41:40.6704950Z [INFO] Load quality profiles (done) | time=286ms
2026-01-12T00:41:40.6925515Z [INFO] Create analysis
2026-01-12T00:41:40.7094289Z [DEBUG] Create analysis with parameters CreateAnalysisRequest[organizationKey=apache, projectKey=apache_creadur-rat, projectVersion=1.0.0-SNAPSHOT, branchName=null, pullRequestKey=609, referenceBranchId=a1990be0-1958-446f-b0b0-bbccc448338b, analysisId=null]
2026-01-12T00:41:40.7125140Z [DEBUG] --> POST https://api.sonarcloud.io/analysis/analyses (178-byte body)
2026-01-12T00:41:40.8587783Z [DEBUG] <-- 401 https://api.sonarcloud.io/analysis/analyses (145ms, 144-byte body)
2026-01-12T00:41:40.8846036Z [DEBUG] Cleanup org.eclipse.jgit.util.FS$FileStoreAttributes$$Lambda$397/0x00007f4594359c20@64469d8 during JVM shutdown
2026-01-12T00:41:40.8879274Z [ERROR] Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator to check the permissions of the user the token belongs to

A 401 is a permissions error. Either one of the three values mentioned in the error message is wrong or there’s a problem talking to GitHub. Since this part is successful:

2026-01-12T00:41:40.1632305Z [INFO] Check ALM binding of project 'apache_creadur-rat' (done) | time=101ms
2026-01-12T00:41:40.1654594Z [INFO] Load project pull requests
2026-01-12T00:41:40.1663123Z [DEBUG] --> GET https://sonarcloud.io/api/project_pull_requests/list?project=apache_creadur-rat
2026-01-12T00:41:40.3589738Z [DEBUG] <-- 200 https://sonarcloud.io/api/project_pull_requests/list?project=apache_creadur-rat (192ms, unknown-length body)
2026-01-12T00:41:40.3623017Z [INFO] Load project pull requests (done) | time=196ms

I don’t think that’s it.

You’re pulling the token from the environment. Can it be that you have a different env for branches and PRs?

 
Ann

Thanks again - as the SONAR_TOKEN is defined globally on the repository I see no way for it to differ between branches, build script is the same for all branches:

The token itself should be valid as it was generated during my first login in SonarCloud in the beginning of January 2026 and had no configuration options to select branches.

I’m not sure how a “regular” integration works, but we would like to have sonarCloud for branch master. PRs can run their analysis and show results, but should not affect the main master-branch-sonarcloud integration.

Could the problem be, that the branchName is set to null?

Thanks

Hi,

It should then default to your main branch.

I’ll be honest and say this is not a point in analysis that I’ve seen problems before. I’m not sure where else to look, so I’m going to call in help. Unfortunately, they probably won’t show up immediately.

 
Ann

Hi,

apart from defining the sonar.* properties in the Maven pom.xml I also added them manually to the call of the SonarCloud-analysis without any change:

name: Build and analyze at ASF-sonarcloud
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: ./mvnw -X -e verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_creadur-rat -Dsonar.organization=apache -Dsonar.token=${SONAR_TOKEN}

Strangely one non-master build became green, such as

but the other non-main-branches remain problematic:

HTH

Phil

Hi Phil,

I’m glad you came back on this thread because I’ve learned more since my last update.

It turns out a failure at this step is a permissions problem, specifically with your token’s permissions to analyze the project (as opposed to your devOps PAT stored in SQC).

So I think the easiest first step here would be to create a new token an set it into your properties.

 
Ann

Thanks,

I’ve created a new token in my account via SonarQube Cloud
and set it in GitHubActions as SONAR_TOKEN.

The PR’s pipeline was triggered again:

and did not run through.

Can you somehow determine what’s wrong with the token?

Thanks

Hi,

We’re still at

Caused by: java.lang.IllegalStateException: Unable to create analysis

I need you to double-check that the account you’re creating tokens from has permissions to analyze this project.

 
Thx,
Ann

Ann, I contacted ASF’s infrastructure team and

• removed my manually created sonarcloud token
• to replace it with an organization-level token from the ASF

Unfortunately the problem remains:

As the configured secret is an organization-level I doubt it is invalid.

Switching to the global ASF secret worked as the analysis on branch master was successful.

Can you provide more info on how to continue here?

Thanks

Phil

Hi Phil,

The error keeps being the same: Unable to create analysis. Again, this is a permissions problem. Regardless of where the token comes from, please make sure the issuing account has permissions to analyze the project.

Explicitly: it is quite possible to have admin on a project without the rights to analyze the project. It is quite possible to be a global/organization admin without rights to analyze a specific project in the organization.

 
Ann

Hi! I’ve tweaked the build to echo if the secret is available and it seems that the globally/organization-level secret seems only available on master-branch builds. Not sure if this is a security feature or a bug, but the branch-builds seem to fail due to a missing SONAR_TOKEN.

Would it make sense to change logging on your site to make it explicit that no token was passed to the build? A permission error (wrong token etc.) could be distinguished from a missing token (configuration error on consumer-side).

Cheers

Phil

Hi Phil,

I think there are probably “Security Reasons” we’ve kept this obscure, but IMO it definitely be helpful if we were not. I’m going to flag this for the PMs.

 
Ann