Authenticate sonarScanner via basic auth

Question

I\'m frustrated with this problem, Our sonarqube server is behind http basic authentication and local runner fails with 401 error. Is it somehow possible to provide credent

Answer 1

I know the question is rather old, but I just spent a day to figure the following out:

TLDR: The sonar-runner, even if configured with credentials, does not use these to make it's first call to the server. The endpoint is /batch/index. You have to allow public access to that endpoint. For all other urls basic auth is fine.

Some more details: I use Apache 2.4 as reverse proxy with basic authentication for Sonar 7.9.2, which lives in docker containers under the path /sonar. Part of my Apache 2.4 config for auth

  
    SetEnvIf User-Agent "^ScannerMaven" scanner_maven
    SetEnvIf User-Agent "^ScannerCli" scanner_maven
  
  
    
      Require group sonar
      
        Require expr %{REQUEST_URI} =~ m#^.*\/sonar\/batch\/index#
        Require env scanner_maven
      
    
    SetEnv proxy-chain-auth On
  

As you can see the path /sonar/batch/index does not use authentication. As a not very good, but better than nothing restriction, I set an env variable if someone with the User-Agent ScannerMaven or ScannerCli (thats the sonar-scanner) is making the request. Be aware that the User-Agent can be easily faked or may change depending on the scanner. For all other urls a user being in the group sonar must be authenticated. (The users for Apache and Sonar are the same, the proxy forwards the credentials with proxy-chain-auth to Sonar).

This setup is tested with maven: mvn sonar:sonar

Using

    
      
        sonar
        
            true
        
        
          https://myhost/sonar/
          ${env.SONARUSER}
          ${env.SONARPWD}
        
      
    

    [...]

    
        org.sonarsource.scanner.maven
        sonar-maven-plugin
        3.7.0.1746