## SonarCloud Scanner fails with 404 on `api.sonarcloud.io/analysis/analyses` for CI-only projects
**Environment:**
- sonar-maven-plugin 5.5.0.6356 (also reproduced with 4.0.0.4121)
- Java 21 (Eclipse Adoptium)
- Jenkins CI (not GitHub Actions / Azure Pipelines)
- SonarCloud organization on team plan
- on-prem GitLab
**Problem:**
Every `sonar:sonar` analysis fails at the "Create analysis" step with:
```
Error 404 on https://api.sonarcloud.io/analysis/analyses
```
Full scanner output leading up to the error:
```
[INFO] Communicating with SonarQube Cloud
[INFO] Loaded core extensions: a3s, sca, architecture
[INFO] Project key: my-project
[INFO] Found an active CI vendor: 'Jenkins'
[INFO] Load project branches (done)
[INFO] Load project settings for component key: 'my-project' (done)
[INFO] Check ALM binding of project 'my-project'
[INFO] Detected project binding: NONEXISTENT
[INFO] Load quality profiles (done)
[INFO] Create analysis
[ERROR] Error during SonarScanner Engine execution
Caused by: com.sonarsource.scanner.engine.webapi.client.HttpException:
Error 404 on https://api.sonarcloud.io/analysis/analyses :
```
**Important context:**
This exact same setup (same organization, same token, same Jenkins configuration, same `sonar:sonar` invocation) was **working approximately one month ago** (mid-March 2026). Nothing changed on our side — the failure started appearing recently, which suggests a server-side change on SonarCloud.
**What I've tried:**
1. Creating the project via the REST API (`/api/projects/create`) — same error
2. Deleting and re-creating the project through the SonarCloud UI — same error
3. Setting the New Code Definition to "Previous version" — no effect
4. Pinning the maven plugin to version 4.0.0.4121 — same scanner engine gets downloaded from SonarCloud, same 404
5. Using `sonar:sonar` (latest) vs explicit `org.sonarsource.scanner.maven:sonar-maven-plugin:5.5.0.6356:sonar` — same result
**Key observation:**
The scanner reports `Detected project binding: NONEXISTENT` (or `NOT_BOUND` depending on the run). Our source code is hosted on a self-hosted GitLab instance, so we cannot bind the project to a supported ALM (GitHub, GitLab.com, Azure DevOps, Bitbucket Cloud). We use Jenkins with `sonar.token`, `sonar.host.url`, `sonar.projectKey`, and `sonar.organization` passed directly.
**Question:**
Is `api.sonarcloud.io/analysis/analyses` a new endpoint that requires ALM binding or a specific feature flag to be enabled? This setup (CI-only, no ALM binding) was working before with older scanner versions that used the legacy `sonarcloud.io/api/` endpoints. Has something changed recently on the SonarCloud side that broke CI-only projects without ALM binding?
In the end it was just the wrong kind of token. The maven plugin we are using war reporting incorrectly a 404 instead of a 403 and masking the actual issue.