SonarQube EE no password required for scan - Version 8.9.8 (build 54436)

After a version update it seems that there is no password required for a sonar scan.

  • Enterprise Edition
  • Version 8.9.8 (build 54436)

maven sonar scans successfully (without token):
mvn clean install sonar:sonar -Dsonar.verbose=true -Dsonar.host.url=https://sonar.aaa.de -Dsonar.login=

maven sonar scan fails with token “x”:
mvn clean install sonar:sonar -Dsonar.verbose=true -Dsonar.host.url=https://sonar.aaa.de -Dsonar.login=x

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project echo: Unable to load component class org.sonar.scanner.bootstrap.ScannerPluginInstaller: Unable to load component class org.sonar.scanner.bootstrap.PluginFiles: Unable to load component class org.sonar.scanner.bootstrap.GlobalConfiguration: Unable to load component class org.sonar.scanner.bootstrap.GlobalServerSettings: Not authorized. Please check the properties sonar.login and sonar.password.

btw we are using Azure AD:
sonar.auth.aad.enabled: true
sonar.auth.aad.clientId.secured: xxx
sonar.auth.aad.multiTenant: false
sonar.auth.aad.enableGroupsSync: true
sonar.auth.aad.tenantId: xx
sonar.auth.aad.allowUsersToSignUp: true
sonar.auth.aad.loginStrategy: “Same as Azure AD login”

Hi,

I’m confused. Are you reporting that you can - unexpectedly - analyze anonymously (as in your thread title)? Or that a token is required (as in your error message)?

 
Ann

Yes, I can unexpectedly analyse anonymously without a token. That is wrong.
I was confused by why it throws “Not authorized” when using any random token.

Hi,

How about a screenshot of your project’s permissions page (Project Settings → Permissions)? E.G.

And let’s also check the global permissions page (Administration → Security → Global Permissions)

In both, we’re looking to see that Anyone doesn’t have Execute Analysis permissions.

 
Ann

There was a setting for “anyone”, which was wrong. I think it works now, thank you!

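The permission check suggested above can also be scripted. This is an added example, not part of the thread and not SonarSource code: it flags every scope in which the Anyone group holds Execute Analysis (permission key `scan`). It assumes the `api/permissions/groups` web API returns a `groups` list with `name` and `permissions` fields; the sample responses are constructed, and `fetch_groups` and `audit` are names chosen for this example.

```python
import base64
import json
import urllib.parse
import urllib.request

SCAN = "scan"  # permission key for "Execute Analysis"

def anyone_can_scan(groups_response):
    """True if the built-in 'Anyone' group holds Execute Analysis."""
    return any(
        g.get("name", "").lower() == "anyone" and SCAN in g.get("permissions", [])
        for g in groups_response.get("groups", [])
    )

def fetch_groups(base_url, admin_token, project_key=None):
    """Query api/permissions/groups: global scope, or one project if given."""
    params = {"ps": "100"}
    if project_key:
        params["projectKey"] = project_key
    url = f"{base_url.rstrip('/')}/api/permissions/groups?{urllib.parse.urlencode(params)}"
    # A user token is sent as the basic-auth username with an empty password.
    auth = base64.b64encode(f"{admin_token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def audit(responses):
    """Return the scopes (sorted) in which Anyone may run an analysis."""
    return sorted(scope for scope, body in responses.items() if anyone_can_scan(body))

# Constructed sample responses (not from the thread): the global scope leaves
# Anyone with "scan", the project "echo" does not.
SAMPLE = {
    "global": {"groups": [
        {"name": "Anyone", "permissions": ["scan"]},
        {"id": "1", "name": "sonar-administrators", "permissions": ["admin", "scan"]},
    ]},
    "project:echo": {"groups": [
        {"name": "Anyone", "permissions": []},
        {"id": "2", "name": "sonar-users", "permissions": ["user", "codeviewer"]},
    ]},
}

if __name__ == "__main__":
    for scope in audit(SAMPLE):
        print(f"FINDING: 'Anyone' has Execute Analysis at {scope}")
```

Against a live server, pass `fetch_groups(...)` results for the global scope and for each project key into `audit` in place of `SAMPLE`; the token must belong to a user with administer rights.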