SonarQube not able to fetch DevOps repositories

Must-share information (formatted with Markdown):

• which versions are you using (8.6.0.39681)

Greetings all,
We are in the process of setting up our SonarQube server for use. I am at the stage where I set up the PAT token to allow SonarQube to populate all of our projects in Devops in . The steps for this from the SonarQube Documentation is listed below for reference.

To import your Azure DevOps repositories into SonarQube, you need to first set your global SonarQube settings. Navigate to Administration > Configuration > General Settings > ALM Integrations , select the Azure DevOps tab, and click the Create configuration button. Specify the following settings:

** Configuration Name (Enterprise and Data Center Edition only) – The name used to identify your Azure DevOps configuration at the project level. Use something succinct and easily recognizable.*
** Azure DevOps server collection URL – Your full Azure DevOps Server collection URL. For example, https://ado.your-company.com/DefaultCollection .*
** Personal Access Token – An Azure DevOps Server user account is used to decorate Pull Requests. We recommend using a dedicated Azure DevOps Server account with Administrator permissions. You need a [personal access token] from this account with the scope authorized for Code > Read & Write for the repositories that will be analyzed. This personal access token is used for pull request decoration, and you’ll be asked for another personal access token for importing projects in the following section.*

However, some of the listed project repositories are showing an alert message which states "Could not fetch repositories for this project. Contact your system administrator, or [update your personal access token]. And some show the repository as expected.

Any ideas as to why it can’t get all the repositories for all projects?

Hi @jfry2k,

Thank you for raising this issue.

From what you are describing, this is the message you are encountering when trying to import an Azure DevOps Server project:

Screenshot 2021-02-05 at 13.07.572882×644 56.3 KB

This could happen because of the following reasons:

1. The Azure Project does not have any repositories - which is very unlikely as it is not possible to delete all repositories on a Project from the UI
   
   

   Screenshot 2021-02-05 at 13.12.311808×266 26.4 KB
2. Because the PAT used does not have permission to read repositories for that given project.

Based on this, could you generate a new Azure token with Code > Read & Write permission?

Please make sure that the Azure DevOps User you are using to generate the token has access to the Project Repository you’re trying to see. User permissions on Azure can be configured on Collection Settings > Users > Manage user.

When this is done, delete the old Azure DevOps Server Integration Configuration on SonarQube ( Administration > Configuration > General Settings > ALM Integrations), and create one with the new token.

Finally, add the new personal access token for importing repositories following the steps listed on the documentation.

Hi Belen,
Thanks so much for the reply. I have gone through the steps you listed and still get the same result.

I checked the permissions on my user account (Please note this is in Azure AD)

image1528×147 11.3 KB

And I re-created the PAT with Full Access to all projects. (In Devops)

image1652×59 2.31 KB

I went through the steps to create the ALM Integration and still get the same result.

Interestingly I did notice that when I go to check my user access level to all projects, some say “administrator” and some say “custom.” However, i can’t change “custom” to “administrator” and even if I could, the projects listed as custom aren’t all the same that it gives the fetch error for.

image483×879 13.1 KB

Any other ideas?

Hey @jfry2k,

Thank you for taking the time to follow these steps regarding the token generation.

Just to be sure, after you created the new PAT, did you go through these steps?

1. Deleting the old the ALM Integration configuration for Azure DevOps Server
2. Creating a new ALM Integration configuration:
   
   

   Screenshot 2021-02-08 at 12.52.222536×426 56.1 KB
3. Using the import feature for Azure DevOps Server
   
4. Providing the new PAT as part of the onboarding
   
   

   Screenshot 2021-02-08 at 12.43.102142×764 62.7 KB

If that’s the case, then let’s continue debugging together to understand where the issue might be.
I’m going to guide you through a list of steps, so that you can share with me the output and hopefully we can find together some hints.

1. Open SonarQube and go to the Import Azure DevOps Server page
   
2. Look for a Project name where the repositories are not being shown. In this example, it would be “Test Project”. Does the rendered name match the project name you see in Azure DevOps Server?
   

   Screenshot 2021-02-05 at 13.07.572882×644 56.3 KB
3. If that’s the case, then let’s take a look at what the API is returning. On your browser, open the Network tab. If you’re using Google Chrome, you can access it by pressing F12. Clear the previous history of network calls, and type in the word “search” to filter for the right SQ endpoint.
   
   

   Screenshot 2021-02-08 at 13.04.142050×802 62 KB
4. Expand the accordion of the Azure DevOps Project, so that repositories (or lack of them!) can be listed. You should see a new record being listed on the Networks tab of your browser.
   
   

   Screenshot 2021-02-08 at 13.06.442158×462 60.5 KB
5. Could you confirm if on the Status column of the Network record you are seeing 200?
6. Finally, click on the name of the Network record and then on “Response”. What is being returned here?
   
   

   Screenshot 2021-02-08 at 13.08.112016×132 25.9 KB

Thanks in advance for following this.