Claire Villard
e1c6b579ce
SQSCANGHA-140 Add GPG signature verification for scanner downloads
...
Implemented OpenPGP signature verification to ensure the integrity and authenticity of downloaded SonarQube scanner packages. This security enhancement protects against supply chain attacks.
Key implementation decisions:
- GPG verification runs by default for all scanner downloads, with an optional skipSignatureVerification flag for environments where GPG is unavailable
- Dual keyserver strategy: attempts primary keyserver (keyserver.ubuntu.com) with automatic fallback to keys.openpgp.org if the primary fails, improving reliability across different network environments
- Platform-specific path handling: converts Windows paths to Unix-style format for GPG compatibility, as GPG from Git for Windows expects Unix-style paths even on Windows systems
- Isolated verification: uses temporary GPG home directories to avoid polluting user keyring, with guaranteed cleanup in finally blocks to prevent temp file leakage even on verification failures
- Security-first error handling: throws clear errors when GPG is absent or signatures fail, preventing silent security bypasses
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>"
2026-04-28 15:44:49 +02:00
Antoine Vinot
30dbe5c9ee
SQSCANGHA-138 Update dist and add ci test ( #233 )
...
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-1 (push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
(push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
-1 (push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
-2 (push) Has been cancelled
QA Main action / 'projectBaseDir' input
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
-1 (push) Has been cancelled
QA Main action / 'projectBaseDir' input
-2 (push) Has been cancelled
QA Main action / Don't fail on Maven project
(push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-2 (push) Has been cancelled
QA Main action / 'scannerVersion' input
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / Don't fail on Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Kotlin Gradle project
(push) Has been cancelled
QA Main action / runAnalysisTest (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
(push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-1 (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-2 (push) Has been cancelled
QA Main action / runAnalysisWithCacheTest (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-1 (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
(push) Has been cancelled
QA Main action / 'scannerVersion' input validation
(push) Has been cancelled
QA Scripts / create_install_path.sh (push) Has been cancelled
QA Scripts / configure_paths.sh (push) Has been cancelled
QA Scripts / download.sh (push) Has been cancelled
QA Scripts / fetch_latest_version.sh (push) Has been cancelled
Unit tests / test (push) Has been cancelled
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Has been cancelled
Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
2026-04-23 14:20:12 +02:00
Claire Villard
c8357220fa
SQSCANGHA-134 Upgrade the libraries to latest version ( #227 )
...
QA Main action / 'projectBaseDir' input
(push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-1 (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-2 (push) Has been cancelled
QA Main action / Don't fail on Gradle project
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / runAnalysisWithCacheTest (push) Has been cancelled
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
-1 (push) Has been cancelled
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
-2 (push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
-1 (push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
-2 (push) Has been cancelled
QA Main action / 'scannerVersion' input
(push) Has been cancelled
QA Main action / Don't fail on Kotlin Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Maven project
(push) Has been cancelled
QA Main action / runAnalysisTest (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
(push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
(push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-1 (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-2 (push) Has been cancelled
QA Main action / Analysis takes into account 'SONAR_ROOT_CERT'
(push) Has been cancelled
QA Main action / truststore.p12 is updated when present
(push) Has been cancelled
QA Scripts / download.sh (push) Has been cancelled
QA Scripts / create_install_path.sh (push) Has been cancelled
QA Scripts / configure_paths.sh (push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-2 (push) Has been cancelled
QA Main action / 'scannerVersion' input validation
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-1 (push) Has been cancelled
Co-authored-by: Julien Carsique <julien.carsique@sonarsource.com>
2026-04-14 15:21:19 +02:00
Claire Villard
f00de44f57
SC-45750 Migrate to dateless license headers ( #229 )
QA Main action / 'projectBaseDir' input
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
-1 (push) Has been cancelled
QA Main action / 'projectBaseDir' input
-2 (push) Has been cancelled
QA Main action / 'scannerVersion' input
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / Don't fail on Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Kotlin Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Maven project
(push) Has been cancelled
QA Main action / runAnalysisTest (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
(push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-1 (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-2 (push) Has been cancelled
QA Main action / runAnalysisWithCacheTest (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
(push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-1 (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-2 (push) Has been cancelled
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-1 (push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-2 (push) Has been cancelled
QA Main action / Analysis takes into account 'SONAR_ROOT_CERT'
(push) Has been cancelled
QA Main action / truststore.p12 is updated when present
(push) Has been cancelled
QA Main action / 'scannerVersion' input validation
(push) Has been cancelled
QA Scripts / create_install_path.sh (push) Has been cancelled
QA Scripts / configure_paths.sh (push) Has been cancelled
QA Scripts / download.sh (push) Has been cancelled
QA Scripts / fetch_latest_version.sh (push) Has been cancelled
Unit tests / test (push) Has been cancelled
2026-04-10 13:57:27 +02:00
Claire Villard
f099b44166
SQSCANGHA-133 Upgrade the Node version used in UTs + contribution guide ( #226 )
QA Main action / 'projectBaseDir' input
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
-1 (push) Has been cancelled
QA Main action / 'projectBaseDir' input
-2 (push) Has been cancelled
QA Main action / 'scannerVersion' input
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / Don't fail on Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Kotlin Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Maven project
(push) Has been cancelled
QA Main action / runAnalysisTest (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
(push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-1 (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-2 (push) Has been cancelled
QA Main action / runAnalysisWithCacheTest (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
(push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-1 (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-2 (push) Has been cancelled
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-1 (push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-2 (push) Has been cancelled
QA Main action / Analysis takes into account 'SONAR_ROOT_CERT'
(push) Has been cancelled
QA Main action / truststore.p12 is updated when present
(push) Has been cancelled
QA Main action / 'scannerVersion' input validation
(push) Has been cancelled
QA Scripts / create_install_path.sh (push) Has been cancelled
QA Scripts / configure_paths.sh (push) Has been cancelled
QA Scripts / download.sh (push) Has been cancelled
QA Scripts / fetch_latest_version.sh (push) Has been cancelled
Unit tests / test (push) Has been cancelled
2026-04-03 10:34:00 +02:00
tomverin
d899ed2996
BUILD-10861 Dependabot 5-day cooldown + internal excludes ( #225 )
QA Main action / 'projectBaseDir' input
(push) Waiting to run
QA Main action / 'projectBaseDir' input
-1 (push) Waiting to run
QA Main action / 'projectBaseDir' input
-2 (push) Waiting to run
QA Main action / 'scannerVersion' input
(push) Waiting to run
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Waiting to run
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Waiting to run
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Waiting to run
QA Main action / Don't fail on Gradle project
(push) Waiting to run
QA Main action / Don't fail on Kotlin Gradle project
(push) Waiting to run
QA Main action / Don't fail on Maven project
(push) Waiting to run
QA Main action / runAnalysisTest (push) Waiting to run
QA Main action / 'RUNNER_DEBUG' is used
(push) Waiting to run
QA Main action / 'RUNNER_DEBUG' is used
-1 (push) Waiting to run
QA Main action / 'RUNNER_DEBUG' is used
-2 (push) Waiting to run
QA Main action / runAnalysisWithCacheTest (push) Waiting to run
QA Main action / 'SONARCLOUD_URL' is used
(push) Waiting to run
QA Main action / 'SONARCLOUD_URL' is used
-1 (push) Waiting to run
QA Main action / 'SONARCLOUD_URL' is used
-2 (push) Waiting to run
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Waiting to run
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Waiting to run
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-1 (push) Waiting to run
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-2 (push) Waiting to run
QA Main action / Analysis takes into account 'SONAR_ROOT_CERT'
(push) Waiting to run
QA Main action / truststore.p12 is updated when present
(push) Waiting to run
QA Main action / 'scannerVersion' input validation
(push) Waiting to run
QA Scripts / create_install_path.sh (push) Waiting to run
QA Scripts / configure_paths.sh (push) Waiting to run
QA Scripts / download.sh (push) Waiting to run
QA Scripts / fetch_latest_version.sh (push) Waiting to run
Unit tests / test (push) Waiting to run
2026-04-02 15:07:08 +02:00
Claire Villard
299e4b793a
SQSCANGHA-132 Upgrade Node to 24 ( #224 )
QA Main action / truststore.p12 is updated when present
(push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
(push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
-1 (push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
-2 (push) Has been cancelled
QA Main action / 'projectBaseDir' input
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
-1 (push) Has been cancelled
QA Main action / 'projectBaseDir' input
-2 (push) Has been cancelled
QA Main action / 'scannerVersion' input
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / Don't fail on Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Kotlin Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Maven project
(push) Has been cancelled
QA Main action / runAnalysisTest (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
(push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-1 (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-2 (push) Has been cancelled
QA Main action / runAnalysisWithCacheTest (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
(push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-1 (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-2 (push) Has been cancelled
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-1 (push) Has been cancelled
QA Main action / 'scannerVersion' input validation
(push) Has been cancelled
QA Scripts / create_install_path.sh (push) Has been cancelled
QA Scripts / configure_paths.sh (push) Has been cancelled
QA Scripts / download.sh (push) Has been cancelled
QA Scripts / fetch_latest_version.sh (push) Has been cancelled
2026-04-01 11:14:54 +02:00
dependabot[bot]
3988e54db2
SQSCANGHA-131 Bump picomatch from 4.0.3 to 4.0.4 ( #223 )
...
QA Main action / 'args' input with other command injection variants does not execute command
(push) Waiting to run
QA Main action / 'args' input with other command injection variants does not execute command
-1 (push) Waiting to run
QA Main action / 'args' input with other command injection variants does not execute command
-2 (push) Waiting to run
QA Main action / 'projectBaseDir' input
(push) Waiting to run
QA Main action / 'projectBaseDir' input
-1 (push) Waiting to run
QA Main action / 'projectBaseDir' input
-2 (push) Waiting to run
QA Main action / 'scannerVersion' input
(push) Waiting to run
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Waiting to run
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Waiting to run
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Waiting to run
QA Main action / Don't fail on Gradle project
(push) Waiting to run
QA Main action / Don't fail on Kotlin Gradle project
(push) Waiting to run
QA Main action / Don't fail on Maven project
(push) Waiting to run
QA Main action / runAnalysisTest (push) Waiting to run
QA Main action / 'RUNNER_DEBUG' is used
(push) Waiting to run
QA Main action / 'RUNNER_DEBUG' is used
-1 (push) Waiting to run
QA Main action / 'RUNNER_DEBUG' is used
-2 (push) Waiting to run
QA Main action / 'scannerVersion' input validation
(push) Waiting to run
QA Main action / runAnalysisWithCacheTest (push) Waiting to run
QA Main action / 'SONARCLOUD_URL' is used
(push) Waiting to run
QA Main action / 'SONARCLOUD_URL' is used
-1 (push) Waiting to run
QA Main action / 'SONARCLOUD_URL' is used
-2 (push) Waiting to run
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Waiting to run
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Waiting to run
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-1 (push) Waiting to run
QA Scripts / create_install_path.sh (push) Waiting to run
QA Scripts / configure_paths.sh (push) Waiting to run
QA Scripts / download.sh (push) Waiting to run
QA Scripts / fetch_latest_version.sh (push) Waiting to run
Unit tests / test (push) Waiting to run
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-31 08:58:59 +02:00
dependabot[bot]
9598b8a83f
SQSCANGHA-130 Bump rollup from 4.50.1 to 4.59.0 ( #221 )
...
QA Main action / 'projectBaseDir' input
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
-1 (push) Has been cancelled
QA Main action / 'projectBaseDir' input
-2 (push) Has been cancelled
QA Main action / 'scannerVersion' input
(push) Has been cancelled
QA Main action / Don't fail on Maven project
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / Don't fail on Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Kotlin Gradle project
(push) Has been cancelled
QA Main action / runAnalysisTest (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
(push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-1 (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
-2 (push) Has been cancelled
QA Main action / runAnalysisWithCacheTest (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
(push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-1 (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
-2 (push) Has been cancelled
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-1 (push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
-2 (push) Has been cancelled
QA Main action / Analysis takes into account 'SONAR_ROOT_CERT'
(push) Has been cancelled
QA Main action / truststore.p12 is updated when present
(push) Has been cancelled
QA Main action / 'scannerVersion' input validation
(push) Has been cancelled
QA Scripts / create_install_path.sh (push) Has been cancelled
QA Scripts / configure_paths.sh (push) Has been cancelled
QA Scripts / download.sh (push) Has been cancelled
QA Scripts / fetch_latest_version.sh (push) Has been cancelled
Unit tests / test (push) Has been cancelled
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-06 10:07:15 +01:00
dependabot[bot]
dcc5211de5
SQSCANGHA-128 NO-JIRA Bump actions/cache from 4 to 5 ( #219 )
...
QA Deprecated C and C++ action / Action outputs (push) Has been cancelled
QA Install Build Wrapper action / Action outputs (push) Has been cancelled
QA Main action / No inputs
(push) Has been cancelled
QA Main action / 'args' input with backticks injection does not execute command
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / Don't fail on Gradle project
(push) Has been cancelled
QA Main action / 'args' input
(push) Has been cancelled
QA Main action / Analysis takes into account 'SONAR_ROOT_CERT'
(push) Has been cancelled
QA Scripts / download.sh (push) Has been cancelled
QA Main action / 'args' input with command injection will fail
(push) Has been cancelled
QA Main action / 'args' input with dollar command injection does not execute command
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
(push) Has been cancelled
QA Main action / 'scannerVersion' input
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Has been cancelled
QA Scripts / configure_paths.sh (push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / Don't fail on Maven project
(push) Has been cancelled
QA Main action / Don't fail on Kotlin Gradle project
(push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
(push) Has been cancelled
QA Main action / runAnalysisTest (push) Has been cancelled
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Has been cancelled
QA Main action / truststore.p12 is updated when present
(push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
(push) Has been cancelled
QA Main action / 'scannerVersion' input validation
(push) Has been cancelled
QA Main action / runAnalysisWithCacheTest (push) Has been cancelled
QA Scripts / fetch_latest_version.sh (push) Has been cancelled
QA Scripts / create_install_path.sh (push) Has been cancelled
Unit tests / test (push) Has been cancelled
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-16 20:53:44 +01:00
Claire Villard
b9f37f9de0
SQSCANGHA-129 Fix the Analysis Processing team name in CODEOWNERS ( #220 )
...
Unit tests / test (push) Has been cancelled
QA Deprecated C and C++ action / Action outputs (push) Has been cancelled
QA Install Build Wrapper action / Action outputs (push) Has been cancelled
QA Main action / Analysis takes into account 'SONAR_ROOT_CERT'
(push) Has been cancelled
QA Main action / truststore.p12 is updated when present
(push) Has been cancelled
QA Main action / No inputs
(push) Has been cancelled
QA Main action / 'args' input with backticks injection does not execute command
(push) Has been cancelled
QA Main action / 'args' input with dollar command injection does not execute command
(push) Has been cancelled
QA Main action / 'scannerVersion' input
(push) Has been cancelled
QA Main action / 'args' input
(push) Has been cancelled
QA Main action / 'args' input with command injection will fail
(push) Has been cancelled
QA Scripts / create_install_path.sh (push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / Don't fail on Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Kotlin Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Maven project
(push) Has been cancelled
QA Main action / runAnalysisTest (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
(push) Has been cancelled
QA Main action / 'scannerVersion' input validation
(push) Has been cancelled
QA Main action / runAnalysisWithCacheTest (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
(push) Has been cancelled
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Has been cancelled
QA Scripts / configure_paths.sh (push) Has been cancelled
QA Scripts / download.sh (push) Has been cancelled
QA Scripts / fetch_latest_version.sh (push) Has been cancelled
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-11 11:37:16 +01:00
github-actions[bot]
a31c9398be
SQSCANGHA-126 Update SonarScanner CLI to 8.0.1.6346 ( #218 )
QA Deprecated C and C++ action / Action outputs (push) Has been cancelled
Unit tests / test (push) Has been cancelled
QA Install Build Wrapper action / Action outputs (push) Has been cancelled
QA Main action / No inputs
(push) Has been cancelled
QA Main action / 'args' input
(push) Has been cancelled
QA Main action / 'args' input with command injection will fail
(push) Has been cancelled
QA Main action / 'args' input with backticks injection does not execute command
(push) Has been cancelled
QA Main action / 'args' input with dollar command injection does not execute command
(push) Has been cancelled
QA Main action / 'args' input with other command injection variants does not execute command
(push) Has been cancelled
QA Main action / 'projectBaseDir' input
(push) Has been cancelled
QA Main action / 'scannerVersion' input
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' input with invalid URL
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
(push) Has been cancelled
QA Main action / Don't fail on Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Kotlin Gradle project
(push) Has been cancelled
QA Main action / Don't fail on Maven project
(push) Has been cancelled
QA Main action / runAnalysisTest (push) Has been cancelled
QA Main action / 'RUNNER_DEBUG' is used
(push) Has been cancelled
QA Main action / runAnalysisWithCacheTest (push) Has been cancelled
QA Main action / 'SONARCLOUD_URL' is used
(push) Has been cancelled
QA Main action / curl performs redirect when scannerBinariesUrl returns 3xx
(push) Has been cancelled
QA Main action / 'SONAR_ROOT_CERT' is converted to truststore
(push) Has been cancelled
QA Main action / Analysis takes into account 'SONAR_ROOT_CERT'
(push) Has been cancelled
QA Main action / truststore.p12 is updated when present
(push) Has been cancelled
QA Main action / 'scannerVersion' input validation
(push) Has been cancelled
QA Scripts / create_install_path.sh (push) Has been cancelled
QA Scripts / configure_paths.sh (push) Has been cancelled
QA Scripts / download.sh (push) Has been cancelled
QA Scripts / fetch_latest_version.sh (push) Has been cancelled
2025-12-09 09:53:51 +01:00
dependabot[bot]
40f5b61913
SQSCANGHA-123 NO-JIRA Bump actions/setup-node from 5 to 6 ( #214 )
2025-10-15 15:09:18 +02:00
Brandon Davis
9bf7c126a1
SQSCANGHA-122 Include caveats for running SCA ( #213 )
2025-10-09 06:21:35 -05:00
github-actions[bot]
ba6563cca7
Update SonarScanner CLI to 7.3.0.5189 ( #212 )
2025-10-06 09:29:17 +02:00
dependabot[bot]
5ffbad4454
SQSCANGHA-120 Bump actions/setup-node from 4 to 5 ( #211 )
2025-09-22 07:47:48 +02:00
Joan Biel
fd88b7d7cc
SQSCANGHA-119 New Readme structure
...
Add quick start section
Increase visibility of special cases and alternatives
Prioritize SQC examples over SQS
2025-09-18 10:38:53 +02:00
Julien HENRY
27a157d234
SQSCANGHA-118 Update the README to document the breaking change for args parsing
2025-09-18 10:38:53 +02:00
Jeremy Davis
e327da8e78
NO-JIRA Add documentation for contribution
2025-09-18 10:38:53 +02:00
Jeremy Davis
ff001fd600
SQSCANGHA-107 Migrate install-build-wrapper
2025-09-18 10:38:53 +02:00
Jeremy Davis
a88c96d7e4
SQSCANGHA-107 Make room for install-build-wrapper action
2025-09-18 10:38:53 +02:00
Jeremy Davis
a64281002c
SQSCANGHA-112 SQSCANGHA-113 Fixes from review and keytool refactor
2025-09-18 10:38:53 +02:00
Julien HENRY
60aee7033b
NO-JIRA Disable fail fast on matrix jobs
2025-09-18 10:38:53 +02:00
Julien HENRY
502204eab4
NO-JIRA Fix test assertion
2025-09-18 10:38:53 +02:00
Jeremy Davis
0b794a06fa
SQSCANGHA-112 Delete legacy shell script
2025-09-18 10:38:53 +02:00
Jeremy Davis
ece10df5d7
SQSCANGHA-112 Extract installation step and other fixes
2025-09-18 10:38:53 +02:00
Jeremy Davis
ee80e84272
SQSCANGHA-112 Fix redirect test to deal with TLS
2025-09-18 10:38:53 +02:00
Jeremy Davis
cbabf0572a
SQSCANGHA-113 Delete legacy shell scripts
2025-09-18 10:38:53 +02:00
Jeremy Davis
16df975da5
SQSCANGHA-113 Migrate scanner run step
2025-09-18 10:38:53 +02:00
Jeremy Davis
ed9f3aad50
SQSCANGHA-112 Migrate installation step
2025-09-18 10:38:53 +02:00
Jeremy Davis
8f448484d9
SQSCANGHA-115 Delete legacy shell script
2025-09-18 10:38:53 +02:00
Jeremy Davis
6a808e9a20
SQSCANGHA-115 Migrate sanity checks
2025-09-18 10:38:53 +02:00
Jeremy Davis
9db61695c9
SQSCANGHA-117 Set up js build
2025-09-18 10:38:53 +02:00
SonarTech
5837ebfcca
BUILD-8875: Migrate to standardized GitHub runner names
...
Co-authored-by: Julien HENRY <julien.henry@sonarsource.com>
2025-09-02 10:10:38 +02:00
Daan Timmer
1a6d90ebcb
SQSCANGHA-102 Pin actions/cache to a full-length commit SHA ( #199 )
2025-08-28 12:18:32 +02:00
Aleksandra Bozhinoska
016cabf33a
SQSCANGHA-101 Add more command injection tests
2025-08-28 10:57:10 +02:00
Aleksandra Bozhinoska
5fc8cfce6b
SQSCANGHA-101 Fix sha256 check in QA Deprecated C/C++ action
2025-08-28 10:57:10 +02:00
dependabot[bot]
786af10ed4
NO-JIRA Bump actions/checkout from 4 to 5
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-19 13:34:18 +02:00
Julien HENRY
01850e2590
SQSCANGHA-94 Fix the scanner-update workflow
2025-07-22 11:46:10 +02:00
github-actions[bot]
8c71dc039c
SQSCANGHA-98 Update SonarScanner CLI to 7.2.0.5079 ( #196 )
...
Co-authored-by: SonarTech <sonartech@sonarsource.com>
2025-07-22 10:45:53 +02:00
Elian Doran
ef211f93a6
SQSCANGHA-97 Use /usr/bin/env for shebang ( #193 )
2025-06-30 10:17:39 +02:00
Samir M
74f62c995b
BUILD-8073 Migrate public repositories workflows to large runners
2025-05-26 14:06:24 +02:00
Aleksandra Bozhinoska
c8aa051cc4
SQSCANGHA-83 Avoid unbound variable error on parameter expansion ( #192 )
2025-05-16 16:57:48 +02:00
csaba-feher-sonarsource
bfe63be746
SQSCANGHA-95 Update CODEOWNERS ( #190 )
2025-05-07 15:34:05 +02:00
csaba-feher-sonarsource
2500896589
SQSCANGHA-92 Validate scanner version ( #189 )
...
Co-authored-by: Julien HENRY <julien.henry@sonarsource.com>
2025-05-05 17:48:40 +02:00
csaba-feher-sonarsource
73bc64cb64
SQSCANGHA-94 Update version update logic ( #188 )
2025-05-05 17:48:00 +02:00
csaba-feher-sonarsource
7d51dd28ef
SQSCANGHA-93 Fix madhead/semver-utils' version ( #187 )
...
Co-authored-by: Julien HENRY <julien.henry@sonarsource.com>
2025-05-05 17:47:42 +02:00
Julien HENRY
be0a85295f
SQSCANGHA-89 Fix possible command injection
...
It is unlikely to be a real concern, since an attacker having the possibility to edit a pipeline can easily execute any command, but at least our step won't be involved
2025-04-29 12:17:00 +02:00
Pierre
12d7d00f02
SQSCANGHA-90 remove mend dead conf ( #184 )
2025-04-24 11:33:26 +02:00
SonarTech
aa494459d7
SQSCANGHA-85 Update SonarScanner CLI to 7.1.0.4889 to support sonar.region=us
2025-03-24 15:16:27 +01:00
