f55d92a8a1
SQSCANGHA-149 Add scannerBinariesAuthHeader input for authenticated binary downloads
...
Organisations using private Artifactory mirrors require authentication to
download the SonarScanner CLI. This adds an optional scannerBinariesAuthHeader
input whose value is forwarded as the Authorization HTTP header to both the
binary and GPG signature downloads via tc.downloadTool's built-in auth
parameter. No new dependencies are introduced.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-29 16:40:55 +02:00
7006c4492b
Update SonarScanner CLI to 8.1.0.6389
2026-05-19 09:24:23 +02:00
59db25f34e
SQSCANGHA-145 Set skipSignatureVerification default value to false ( #241 )
2026-04-29 14:23:12 +02:00
c7ee0f9df9
SQSCANGHA-140 Set skipSignatureVerification default value to true to avoid breaking change ( #240 )
...
Co-authored-by: Gustavo Cunha <dev@gustavocunha.dev >
2026-04-29 10:13:05 +02:00
55e44800a8
SQSCANGHA-140 Add OpenPGP signature verification for scanner downloads ( #235 )
2026-04-28 15:49:48 +02:00
299e4b793a
SQSCANGHA-132 Upgrade Node to 24 ( #224 )
2026-04-01 11:14:54 +02:00
a31c9398be
SQSCANGHA-126 Update SonarScanner CLI to 8.0.1.6346 ( #218 )
2025-12-09 09:53:51 +01:00
ba6563cca7
Update SonarScanner CLI to 7.3.0.5189 ( #212 )
2025-10-06 09:29:17 +02:00
16df975da5
SQSCANGHA-113 Migrate scanner run step
2025-09-18 10:38:53 +02:00
ed9f3aad50
SQSCANGHA-112 Migrate installation step
2025-09-18 10:38:53 +02:00
6a808e9a20
SQSCANGHA-115 Migrate sanity checks
2025-09-18 10:38:53 +02:00
1a6d90ebcb
SQSCANGHA-102 Pin actions/cache to a full-length commit SHA ( #199 )
2025-08-28 12:18:32 +02:00
016cabf33a
SQSCANGHA-101 Add more command injection tests
2025-08-28 10:57:10 +02:00
8c71dc039c
SQSCANGHA-98 Update SonarScanner CLI to 7.2.0.5079 ( #196 )
...
Co-authored-by: SonarTech <sonartech@sonarsource.com >
2025-07-22 10:45:53 +02:00
2500896589
SQSCANGHA-92 Validate scanner version ( #189 )
...
Co-authored-by: Julien HENRY <julien.henry@sonarsource.com >
2025-05-05 17:48:40 +02:00
be0a85295f
SQSCANGHA-89 Fix possible command injection
...
It is unlikely to be a real concern, since an attacker having the possibility to edit a pipeline can easily execute any command, but at least our step won't be involved
2025-04-29 12:17:00 +02:00
aa494459d7
SQSCANGHA-85 Update SonarScanner CLI to 7.1.0.4889 to support sonar.region=us
2025-03-24 15:16:27 +01:00
550777f6eb
NO-JIRA Remove superfluous space from action description
2025-02-20 12:02:15 +01:00
0303d6b62e
Update SonarScanner CLI to 7.0.2.4839
2025-02-14 14:05:04 +01:00
3ed7560138
SQSCANGHA-82 Automate the update of the Scanner CLI version
2025-02-14 12:33:25 +01:00
bfd4e558cd
SQSCANGHA-77 Change title back to SonarQube Scan Action ( #166 )
2024-12-17 10:59:50 +01:00
00e62e1190
SQCPPGHA-9 Extend action to support C, C++, and Objective-C projects ( #161 )
2024-12-16 10:24:14 +01:00
a36db763ac
SQSCANGHA-64 Shorten action description to respect 125 chars limit ( #157 )
2024-12-09 10:56:27 +01:00
7b13cfe195
SQSCANGHA-54 Rebranding
2024-11-28 10:41:20 +01:00
05ca09c2da
SQSCANGHA-51 Make Scanner CLI binaries URL customizable
2024-11-28 08:06:29 +01:00
6440c73982
SQSCANGHA-56 Support GitHub self-hosted runners without keytool
2024-11-28 07:36:28 +01:00
94d4f8ac4a
SQSCANGHA-46 Replace the Docker action by a composite action
2024-11-12 14:17:50 +01:00
fd8151470c
SQSCANGHA-3 Permission cleanup doesn't run if the scanner exits with a non-0 code ( #33 )
2022-07-05 15:15:01 +02:00
7ed48e279f
Update action.yml
2021-05-17 08:28:26 +02:00
3e4828d307
Update marketing wording
2021-05-14 15:15:45 +02:00
71de302835
SONAR-14822 Provide a GitHub Action to scan a project
2021-05-14 10:14:11 +02:00
Julien HENRY
SonarTech
Antoine Vinot
Claire Villard
github-actions[bot]
Jeremy Davis
Daan Timmer
Aleksandra Bozhinoska
csaba-feher-sonarsource
Adam Setch
Antonio Aversa
Benjamin Svobodny
Wouter Admiraal
Wouter Admiraal