actions/sonarqube-scan-action
2
0
Fork 0
mirror of https://github.com/SonarSource/sonarqube-scan-action.git synced 2025-12-12 17:31:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

pin actions/cache to a full-length commit SHA

Browse source 
As per https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions it is recommended to pin actions to sha's instead of versions to increase security.
This commit is contained in:
Daan Timmer 2025-08-19 13:34:24 +02:00 committed by GitHub
parent 786af10ed4
commit 4fd3f21dec
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
action.yml
View file

@ -33,7 +33,7 @@ runs:
INPUT_SCANNERVERSION: ${{ inputs.scannerVersion }}
- name: Load Sonar Scanner CLI from cache
id: sonar-scanner-cli
uses: actions/cache@v4
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4
env:
# The default value is 60mins. Reaching timeout is treated the same as a cache miss.
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1