SonarQube error: You're not authorized to run analysis, despite passing the token with build cmd

Coder_5 · March 6, 2023, 9:08am

I’m trying to build a java maven project, but I’m getting [ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project proj: You’re not authorized to run analysis. Please contact the project administrator. → [Help 1], even though I’m explicitly passing the url and access token along with maven command build.

Build command used: mvn clean install -Dmaven.test.skip=true sonar:sonar -Dsonar.host.url=https://sonarqube.it.org.net -Dsonar.login=token

application.yml:

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
- none

pool:
  vmImage: windows-latest
  name: custom_network

steps:
- task: SonarQubePrepare@5
  inputs:
    SonarQube: 'project-sonarqube'
    scannerMode: 'Other'
    projectKey: com.org.proj.java
    projectName: proj.java
    extraProperties:
      sonar.projectKey=com.org.proj.java
      sonar.projectName=proj.java

- task: MavenAuthenticate@0
  inputs:
    artifactsFeeds: 'Proj_Artifacts'


- task: Maven@4
  inputs:
    mavenPomFile: 'pom.xml'
    goals: 'clean install -Dmaven.test.skip=true sonar:sonar -Dsonar.host.url=https://sonarqube.it.org.net -Dsonar.login=token'
    publishJUnitResults: false
    testResultsFiles: '**/surefire-reports/TEST-*.xml'
    javaHomeOption: 'JDKVersion'
    jdkVersionOption: '1.8'
    mavenVersionOption: 'Default'
    mavenAuthenticateFeed: true
    effectivePomSkip: false
    sonarQubeRunAnalysis: true

- task: SonarQubePublish@5
  inputs:
    pollingTimeoutSec: '300'

Coder_5 · March 6, 2023, 9:12am

ganncamp do you have any idea. I followed this comment of yours, where explicitly passing the token solved the issue. But my issue is still present even after explicitly passing the sonarqube token along with the maven build command.

Coder_5 · March 6, 2023, 9:13am

I tried following this comment but even after sending sonarqube token along with the mvn build command as suggested by the comment I am still getting the error.

ganncamp · March 7, 2023, 8:02pm

Hi,

Welcome to the community!

Is this literally how your pipeline is configured?

Instead of literally passing “token” you need to create an analysis token and pass its value, either directly or via an interpolated variable.

HTH,
Ann

Coder_5 · March 8, 2023, 4:53am

Thank you Ann,

I think what you are saying about analysis token is a security feature and it won’t fix the error.

The error is fixed, it seems that while running azure pipeline build for a maven java project, one needs to send all the sonarqube parameters including project name and project key along with the build command.

goals: ‘clean install
-Dmaven.test.skip=true sonar:sonar
-Dsonar.host.url=https://sonarqube.it.org.net
-Dsonar.login=token
-Dsonar.projectKey=com.org.proj.java
-Dsonar.sonar.projectName=proj.java’

This above command is working fine.

system · March 15, 2023, 4:53am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.