SonarQubeAnalyze fails at upload report - error POST 403 - Failed to upload: You're not authorized

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube - 9.8.0
    Scanner - 5.13.0

  • how is SonarQube deployed: zip, Docker, Helm
    Helm

  • what are you trying to achieve
    Upload the report

  • what have you tried so far to achieve this
    Checked global authentication token, recreated and checked permission.


Hi there,

It was working alright until yesterday. Nothing has changed related to permissions or the token.
I checked and recreated the global token and still have the same issue. We use an Azure DevOps pipeline and Bitbucket as SCM.

I ran the scan in debug mode and found it gets a POST 403 error. I checked our network and I can confirm there are no rules or anything blocking the report from uploading.

And I am facing this issue on all the projects, not just one. Thank you.

16:37:56.598 DEBUG: 'Generic Coverage Report' skipped because one of the required properties is missing
16:37:56.600 DEBUG: 'C#' skipped because there is no related file in current project
16:37:56.602 DEBUG: 'C# Tests Coverage Report Import' skipped because there is no related file in current project
16:37:56.603 DEBUG: '[Deprecated] C# Integration Tests Coverage Report Import' skipped because there is no related file in current project
16:37:56.605 DEBUG: 'C# Unit Test Results Import' skipped because there is no related file in current project
16:37:56.605 DEBUG: 'VB.NET' skipped because there is no related file in current project
16:37:56.607 DEBUG: 'VB.NET Tests Coverage Report Import' skipped because there is no related file in current project
16:37:56.608 DEBUG: '[Deprecated] VB.NET Integration Tests Coverage Report Import' skipped because there is no related file in current project
16:37:56.609 DEBUG: 'VB.NET Unit Test Results Import' skipped because there is no related file in current project
16:37:56.610 DEBUG: 'Java CPD Block Indexer' skipped because there is no related file in current project
16:37:56.612 DEBUG: Sensors : Analysis Warnings import -> Zero Coverage Sensor
16:37:56.613 INFO: Sensor Analysis Warnings import [csharp]
16:37:56.617 INFO: Sensor Analysis Warnings import [csharp] (done) | time=4ms
16:37:56.618 INFO: Sensor Zero Coverage Sensor
16:37:56.619 INFO: Sensor Zero Coverage Sensor (done) | time=1ms
16:37:56.621 INFO: SCM Publisher No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
16:37:56.626 INFO: CPD Executor Calculating CPD for 0 files
16:37:56.629 INFO: CPD Executor CPD calculation finished (done) | time=0ms
16:37:56.888 INFO: Analysis report generated in 248ms, dir size=213.5 kB
16:37:56.921 INFO: Analysis report compressed in 31ms, zip size=27.4 kB
16:37:56.923 INFO: Analysis report generated in /usr/src/.scannerwork/scanner-report
16:37:56.924 DEBUG: Upload report
16:37:57.027 DEBUG: POST 403 "URL" | time=101ms
16:37:57.063 INFO: ------------------------------------------------------------------------
16:37:57.063 INFO: EXECUTION FAILURE
16:37:57.063 INFO: ------------------------------------------------------------------------
16:37:57.064 INFO: Total time: 31.410s
16:37:57.216 INFO: Final Memory: 29M/100M
16:37:57.217 INFO: ------------------------------------------------------------------------
16:37:57.217 ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Failed to upload report: You're not authorized to run analysis. Please contact the project administrator.
        at org.sonar.scanner.report.ReportPublisher.upload(ReportPublisher.java:225)
        at org.sonar.scanner.report.ReportPublisher.execute(ReportPublisher.java:153)
        at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:374)
        at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
        at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
        at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:135)
        at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
        at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
        at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
        at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
        at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
        at com.sun.proxy.$Proxy0.execute(Unknown Source)
        at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
        at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
        at org.sonarsource.scanner.cli.Main.main(Main.java:62)
Caused by: You're not authorized to run analysis. Please contact the project administrator.

Hi,

This error is coming directly from SonarQube itself. You need to double-check the account whose token you use for analysis. Off-hand, I can think of two things to look at:

  • was the analysis token revoked / expired?
  • does the account still have analysis permissions on the project?

 
HTH,
Ann

Hello Ann,

So, no, the token was not revoked or expired. But just to be sure, I removed all the tokens and the project itself. And I am not using an analysis token. I am using a global token for all of my projects.

I still see the same error.

I provide this global token as SONAR_TOKEN and the project key as envs in the pipeline.

And can you tell me how to check if the account has analysis permission on the project?
I allowed users and admins to have analysis on the project, and I am using a global token, which should have access to all the project analysis.

What is going wrong here?

Thank you.

Hi,

To verify, that token is successful when analyzing other projects?

 
Ann

Hello,

No, all the projects have the same error. But nothing was changed. I was using one global token for analyzing all the projects before and it was working fine. It just stopped working a day ago.

Hi,

If the token is failing on all projects, then whether or not you think it has expired or been revoked, perhaps you should generate a new one.

 
HTH,
Ann

Hello.

Yes, I already created a new token and tried it. Kept no expiration. Facing the same issue.

Hello,

We published a new version of the task today. I wonder if this fix isn’t your problem:

VSTS-302 Use sonar.token instead of sonar.login for SQ >= 10.0

Which parameter key do you use to pass the token?

 
Ann

Our SonarQube version is 9.8.0, so this should not be a problem.

I use SONAR_TOKEN env to pass this global token to our pipeline.

Hi,

Sorry, I’ve done a little more reading and see now that the extension configures that for you. Just to double check, would you mind adding -sonar.scanner.dumpToFile=[path to file] to your analysis properties to verify what key is being sent for that property?

 
Thx,
Ann

I apologize. Some managed rules were enabled by the system on the firewall, which were blocking the request. Because they were managed, it took time to investigate. But that fixes it.

Thank you for your help.

1 Like
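
The thread ends with the 403 coming from a firewall rule rather than from SonarQube, while the scanner's debug log shows only the status code (`POST 403`). As an added example (not from the thread or from SonarQube's code), the Python below classifies a captured 403 response by its shape; the function names, the sample responses and the heuristic that SonarQube web API errors are JSON of the form `{"errors":[{"msg":...}]}` are assumptions of this example.

```python
import json

def origin_of_403(status, headers, body):
    """Guess which hop produced a response the scanner logged as 403."""
    if status != 403:
        return "not-a-403"
    lowered = {k.lower(): v.lower() for k, v in headers.items()}
    if "json" in lowered.get("content-type", ""):
        try:
            doc = json.loads(body)
        except ValueError:
            doc = None
        errors = doc.get("errors") if isinstance(doc, dict) else None
        # Assumed heuristic: SonarQube web API errors look like
        # {"errors": [{"msg": "..."}]}.
        if isinstance(errors, list) and errors and all(
                isinstance(e, dict) and "msg" in e for e in errors):
            return "sonarqube"
    # Anything else (HTML block page, foreign JSON) came from a hop in between.
    return "intermediary"

NEXT_STEP = {
    "sonarqube": "check the token owner's Execute Analysis permission",
    "intermediary": "check firewall/WAF/proxy logs for the blocked POST",
    "not-a-403": "not an authorization failure; read the status as-is",
}

# Constructed sample responses (not captured from the thread).
SAMPLES = {
    "sq": (403, {"Content-Type": "application/json"},
           '{"errors":[{"msg":"Insufficient privileges"}]}'),
    "waf_html": (403, {"Content-Type": "text/html"},
                 "<html><body>Request blocked</body></html>"),
    "waf_json": (403, {"content-type": "application/json"},
                 '{"message":"Forbidden"}'),
}

def triage(samples=SAMPLES):
    """Classify every sample response; returns {sample name: origin}."""
    return {name: origin_of_403(*resp) for name, resp in samples.items()}

if __name__ == "__main__":
    for name, origin in triage().items():
        print(f"{name}: {origin} -> {NEXT_STEP[origin]}")
```
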

Hi,

Thanks for letting us know!

 
Ann
