SonarCloud has deprecated the sonar.login, causing concourse-sonarqube-resource to fail during execution

[cpasquini]

The SonarCloud team has recently deprecated the use of sonar.login in sonar-scanner. The notification says it was deprecated on July 11th, but it was actually rolled out today:

https://community.sonarsource.com/t/removing-sonar-login-from-sonarqube-cloud-on-june-11-2026/182937

This is causing tasks to fail with an Not authorized message:

ERROR: Error during SonarScanner execution
ERROR: Not authorized or project not found. Please check the 'SONAR_TOKEN' environment variable, the 'sonar.projectKey' and 'sonar.organization' properties, or contact the project administrator to verify the token's permissions.
ERROR: 
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
ERROR in /opt/resource/out : line 308 with exit code 2

A workaround is possible by adding sonar.token: ((sonarcloud-token)) to the additional_properties field, however a code fix would be ideal.

[holgerstolzenberg]

A vibe coded fix has been pushed. I dropped username/password auth in favor of sonar.token based authentication. This is a breaking change.

@cpasquini Could you please test if latest tag works for you. The project is in maintenance mode only, I currently have no Concourse instance to test with.

[cpasquini]

Latest tag is working for us now.
I did notice that in your PR on the README that the resource usage definition is still referencing the login:

concourse-sonarqube-resource/README.md

Line 204 in 77b1a4b

login: ((sonarqube-auth-token))

[holgerstolzenberg]

@cpasquini

Good catch. I have updated the README and also found an outdated part in out script. I fresh latest build should be there soon.
Could you please re-test it, before we merge.

[holgerstolzenberg]

Build is done

[cpasquini]

@holgerstolzenberg - the new build is working for us. Thanks