"You're not authorized to run analysis" error when running sonar-scanner CLI with full rights

SonarQube Cloud
1

Hello,

I’m unable to get sonar-scanner to work from the command line. My SC user account is the administrator for our organization and I have verified that I have Execute Analysis rights for the project in question.

  • ALM used is Azure DevOps (although I’m attempting to run sonar-scanner locally)
  • No CI system used
  • Scanner command used is
sonar-scanner \
  -Dsonar.organization=**** \
  -Dsonar.projectKey=****** \
  -Dsonar.sources=. \
  -Dsonar.host.url=https://sonarcloud.io
  • Language is JavaScript
  • Error observed is (with project key anonymized)
...
10:56:02.456 INFO: Loaded core extensions: developer-scanner
10:56:02.472 DEBUG: Installed core extension: developer-scanner
10:56:02.735 DEBUG: Could not detect any CI vendor
10:56:02.742 INFO: Load project settings for component key: '******'
10:56:02.890 DEBUG: GET 403 https://sonarcloud.io/api/settings/values.protobuf?component=ProKnow | time=148ms
10:56:02.897 INFO: ------------------------------------------------------------------------
10:56:02.897 INFO: EXECUTION FAILURE
10:56:02.897 INFO: ------------------------------------------------------------------------
10:56:02.898 INFO: Total time: 3.083s
10:56:02.910 INFO: Final Memory: 6M/74M
10:56:02.910 INFO: ------------------------------------------------------------------------
10:56:02.910 ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Unable to load component class org.sonar.scanner.ci.AnalysisMethodValidator
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:52)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:678)
        at org.sonar.core.platform.ComponentContainer.getComponentByType(ComponentContainer.java:273)
        at org.sonar.scanner.scan.ProjectScanContainer.doBeforeStart(ProjectScanContainer.java:162)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:121)
        at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
        at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:128)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
        at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
        at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:58)
        at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:52)
        at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
        at com.sun.proxy.$Proxy0.execute(Unknown Source)
        at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
        at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
        at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Unable to load component class org.sonar.scanner.scan.ProjectServerSettings
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:52)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
        at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
        at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
        at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
        at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
        at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
        at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
        at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
        at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
        at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
        at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
        at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
        at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:50)
        ... 22 more
Caused by: You're not authorized to run analysis. Please contact the project administrator.

  • Steps to reproduce

    1. Log in to SonarCloud account
    2. Verify that I am ADMIN for the organization
    3. Click “+” and “Analyze New Project” link
    4. Click “create a project manually”
    5. Select our organization
    6. Enter project key and display name
    7. Click “Setup” button
    8. On the ‘Choose your Analysis Method’ page, select “Other (for JS,…)”
    9. Select “Linux” for OS
    10. Download SonarScanner zip, unzip into Ubuntu WSL2, run chmod 755 on sonar-scanner and java executables from the zip
    11. Add bin to the PATH var
    12. Set SONAR_TOKEN var to token given during setup
    13. Copy given command
    14. Run copied command at top of source directory

  • Potential workaround: None, I’m totally stuck

Any help would be greatly appreciated.

Thanks

2

Hi Ryan,

Welcome to the community support!

Strange, it’s supposed to be pretty straightforward looking at the steps you took.

Are you sure you used the right org and project keys?

Does the SONAR_TOKEN env var accessible in the context you are running the scanner?

Since you are admin you can generate a new token and retry again.

Thanks.

Best.

3

I failed to export the SONAR_TOKEN variable as an environment var.

SONAR_TOKEN=<token value>
export SONAR_TOKEN   # <- missed this step

I’m curious, is it possible to include the token in the arguments to sonar-scanner instead of setting env vars?

4

Yes, it’s possible: check the following doc section

Be careful to not expose your token in in the logs, depending on what your CI logs.

Best.

5

Hi,
unsure if it is related. but we had some similar strange issues.
We are using Azure Devops integrated Tasks and Service Connection. everything went smooth for 99% of the projects. We only had an issue for 1 project at the end of the Analyze task.

ERROR: You’re not authorized to run analysis. Please contact the project administrator.

Digging deeper (I changed the real URLs and project names):


2022-02-24T18:30:19.1634807Z 18:30:19.162 DEBUG: GET 200 https://url.com/api/new_code_periods/show.protobuf?project=something&branch=fix%2Fsonar_log | time=37ms
2022-02-24T18:30:19.1652896Z 18:30:19.165 INFO: Load New Code definition (done) | time=44ms
2022-02-24T18:30:19.3075141Z 18:30:19.307 INFO: Analysis report generated in 178ms, dir size=830.8 kB
2022-02-24T18:30:19.7450843Z 18:30:19.744 INFO: Analysis report compressed in 437ms, zip size=580.4 kB
2022-02-24T18:30:19.7461236Z 18:30:19.745 INFO: Analysis report generated in /home/vsts/work/1/s/.scannerwork/scanner-report
2022-02-24T18:30:19.7461807Z 18:30:19.745 DEBUG: Upload report
2022-02-24T18:30:19.7689476Z 18:30:19.768 DEBUG: POST 403 https://sonarqube.url.com/api/ce/submit?projectKey=something&characteristic=branch%3Dfix%2Fsonar_log&characteristic=branchType%3DBRANCH | time=22ms
2022-02-24T18:30:19.7736819Z 18:30:19.773 DEBUG: eslint-bridge server will shutdown
2022-02-24T18:30:25.1296916Z 18:30:25.129 INFO: ------------------------------------------------------------------------
2022-02-24T18:30:25.1298918Z 18:30:25.129 INFO: EXECUTION FAILURE
2022-02-24T18:30:25.1300367Z 18:30:25.129 INFO: ------------------------------------------------------------------------
2022-02-24T18:30:25.1366789Z 18:30:25.129 INFO: Total time: 1:09.899s
2022-02-24T18:30:25.2483868Z 18:30:25.247 INFO: Final Memory: 46M/157M
2022-02-24T18:30:25.2485217Z 18:30:25.247 INFO: ------------------------------------------------------------------------
2022-02-24T18:30:25.2526335Z ##[error]18:30:25.247 ERROR: Error during SonarScanner execution
2022-02-24T18:30:25.2535551Z 18:30:25.247 ERROR: Error during SonarScanner execution
2022-02-24T18:30:25.2537342Z ##[error]java.lang.IllegalStateException: Failed to upload report: You're not authorized to run analysis. Please contact the project administrator.
2022-02-24T18:30:25.2538690Z java.lang.IllegalStateException: Failed to upload report: You're not authorized to run analysis. Please contact the project administrator.
2022-02-24T18:30:25.2547630Z ##[error]at org.sonar.scanner.report.ReportPublisher.upload(ReportPublisher.java:207)
	at org.sonar.scanner.report.ReportPublisher.execute(ReportPublisher.java:142)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:357)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:136)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: You're not authorized to run analysis. Please contact the project administrator.

We checked more than required :smiley:
In the end - in our case - it was a policy rule in WAF frontdoor firewall: LFI-930110
image

We recreated the project in SonarQube, fumbled around with permissions, fumbled around with Azure DevOps task settings, like explicitly handing over the user token etc…
image
I went crazy. Even more happy when we found out the core issue to be in frontdoor policy rules :slight_smile: