Commit graph

18 commits

Author SHA1 Message Date
dependabot[bot]
dcc5211de5
SQSCANGHA-128 NO-JIRA Bump actions/cache from 4 to 5 (#219)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-16 20:53:44 +01:00
Julien HENRY
60aee7033b NO-JIRA Disable fail fast on matrix jobs 2025-09-18 10:38:53 +02:00
Julien HENRY
502204eab4 NO-JIRA Fix test assertion 2025-09-18 10:38:53 +02:00
Jeremy Davis
ee80e84272 SQSCANGHA-112 Fix redirect test to deal with TLS 2025-09-18 10:38:53 +02:00
Jeremy Davis
16df975da5 SQSCANGHA-113 Migrate scanner run step 2025-09-18 10:38:53 +02:00
Jeremy Davis
ed9f3aad50 SQSCANGHA-112 Migrate installation step 2025-09-18 10:38:53 +02:00
SonarTech
5837ebfcca
BUILD-8875: Migrate to standardized GitHub runner names
Co-authored-by: Julien HENRY <julien.henry@sonarsource.com>
2025-09-02 10:10:38 +02:00
Aleksandra Bozhinoska
016cabf33a SQSCANGHA-101 Add more command injection tests 2025-08-28 10:57:10 +02:00
dependabot[bot]
786af10ed4 NO-JIRA Bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-19 13:34:18 +02:00
Samir M
74f62c995b BUILD-8073 Migrate public repositories workflows to large runners 2025-05-26 14:06:24 +02:00
Aleksandra Bozhinoska
c8aa051cc4
SQSCANGHA-83 Avoid unbound variable error on parameter expansion (#192) 2025-05-16 16:57:48 +02:00
csaba-feher-sonarsource
2500896589
SQSCANGHA-92 Validate scanner version (#189)
Co-authored-by: Julien HENRY <julien.henry@sonarsource.com>
2025-05-05 17:48:40 +02:00
Julien HENRY
be0a85295f SQSCANGHA-89 Fix possible command injection
It is unlikely to be a real concern, since an attacker having the possibility to edit a pipeline can easily execute any command, but at least our step won't be involved
2025-04-29 12:17:00 +02:00
SonarTech
aa494459d7 SQSCANGHA-85 Update SonarScanner CLI to 7.1.0.4889 to support sonar.region=us 2025-03-24 15:16:27 +01:00
SonarTech
0303d6b62e Update SonarScanner CLI to 7.0.2.4839 2025-02-14 14:05:04 +01:00
Antonio Aversa
26c51824c8
SQSCANGHA-76 Support self-hosted runners not clearing truststore after run (#165) 2024-12-17 09:19:42 +01:00
Antonio Aversa
0ab314b63d
SQSCANGHA-75 Support self-hosted runners not clearing temp after run (#164) 2024-12-16 10:45:31 +01:00
Antonio Aversa
00e62e1190
SQCPPGHA-9 Extend action to support C, C++, and Objective-C projects (#161) 2024-12-16 10:24:14 +01:00
Renamed from .github/workflows/qa.yml