Commit graph

8 commits

Author SHA1 Message Date
Claire Villard
e8b2382915 SQSCANGHA-140 Implement OpenPGP signature verification for scanner downloads
Add GPG signature verification to ensure downloaded Sonar Scanner CLI binaries
are authentic and haven't been tampered with. This implements supply chain
security by verifying signatures against SonarSource's public key.

Changes:
- Add gpg-verification.js module with signature verification logic
- Download and verify .asc signature files alongside scanner ZIPs
- Import SonarSource public key from keyserver.ubuntu.com
- Add skipSignatureVerification input parameter (default: false)
- Add @actions/exec dependency for cross-platform GPG execution
- Add comprehensive unit tests for verification functions
- Update dist with bundled changes

Verification is enabled by default and uses an isolated temporary GPG home
directory to avoid polluting the user's keyring. All temporary files are cleaned
up properly, even on errors.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-27 17:54:16 +02:00
Claire Villard
c8357220fa
SQSCANGHA-134 Upgrade the libraries to latest version (#227)
Co-authored-by: Julien Carsique <julien.carsique@sonarsource.com>
2026-04-14 15:21:19 +02:00
dependabot[bot]
9598b8a83f
SQSCANGHA-130 Bump rollup from 4.50.1 to 4.59.0 (#221)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-06 10:07:15 +01:00
Jeremy Davis
ff001fd600 SQSCANGHA-107 Migrate install-build-wrapper 2025-09-18 10:38:53 +02:00
Jeremy Davis
16df975da5 SQSCANGHA-113 Migrate scanner run step 2025-09-18 10:38:53 +02:00
Jeremy Davis
ed9f3aad50 SQSCANGHA-112 Migrate installation step 2025-09-18 10:38:53 +02:00
Jeremy Davis
6a808e9a20 SQSCANGHA-115 Migrate sanity checks 2025-09-18 10:38:53 +02:00
Jeremy Davis
9db61695c9 SQSCANGHA-117 Set up js build 2025-09-18 10:38:53 +02:00