Sonarqube EE no password reqired for scan - Version 8.9.8 (build 54436)

After a version update it seems that there is no password required for a sonar scan.

  • Enterprise Edition
  • Version 8.9.8 (build 54436)

maven sonar scans successfully (without token):
mvn clean install sonar:sonar -Dsonar.verbose=true -Dsonar.login=

maven sonar scan fails with token “x”:
mvn clean install sonar:sonar -Dsonar.verbose=true -Dsonar.login=x

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin: (default-cli) on project echo: Unable to load component class org.sonar.scanner.bootstrap.ScannerPluginInstaller: Unable to load component class org.sonar.scanner.bootstrap.PluginFiles: Unable to load component class org.sonar.scanner.bootstrap.GlobalConfiguration: Unable to load component class org.sonar.scanner.bootstrap.GlobalServerSettings: Not authorized. Please check the properties sonar.login and sonar.password.

btw we are using Azure AD:
sonar.auth.aad.enabled: true
sonar.auth.aad.clientId.secured: xxx
sonar.auth.aad.multiTenant: false
sonar.auth.aad.enableGroupsSync: true
sonar.auth.aad.tenantId: xx
sonar.auth.aad.allowUsersToSignUp: true
sonar.auth.aad.loginStrategy: “Same as Azure AD login”


I’m confused. Are you reporting that you can - unexpectedly - analyze anonymously (as in your thread title)? Or that a token is required (as in your error message)?


Yes, I can unexpectedly analyse anonymously without a token. That is wrong.
I was confused by why it throws “Not authorized” when using any random token.


How about a screenshot of your project’s permissions page (Project Settings → Permissions)? E.G.

And let’s also check the global permissions page (Administration → Security → Global Permissions)

In both, we’re looking to see that Anyone doesn’t have Execute Analysis permissions.


There was a setting for “anyone”, which was wrong, I think it works now, thank you!

1 Like