QA Main action

BUILD-10861 Dependabot 5-day cooldown + internal excludes (#225) #263

Triggered via push April 2, 2026 13:07

claire-villard-sonarsource

pushed d899ed2

master

Status Success

Total duration 3m 58s

Artifacts –

qa-main.yml

on: push

'scannerVersion' input

'scannerBinariesUrl' input with invalid URL

29s

'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command

26s

'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command

56s

Don't fail on Gradle project

Don't fail on Kotlin Gradle project

Don't fail on Maven project

10s

runAnalysisTest

1m 48s

runAnalysisWithCacheTest

1m 30s

curl performs redirect when scannerBinariesUrl returns 3xx

44s

Analysis takes into account 'SONAR_ROOT_CERT'

1m 27s

truststore.p12 is updated when present

18s

'scannerVersion' input validation

Matrix: 'args' input with command injection will fail

Matrix: 'args' input

Matrix: 'args' input with backticks injection does not execute command

Matrix: 'args' input with dollar command injection does not execute command

Matrix: No inputs

Matrix: 'args' input with other command injection variants does not execute command

Matrix: 'SONARCLOUD_URL' is used

Matrix: 'projectBaseDir' input

Matrix: 'RUNNER_DEBUG' is used

Matrix: 'SONAR_ROOT_CERT' is converted to truststore

Annotations

12 errors and 48 warnings

'args' input with command injection will fail (github-ubuntu-latest-s, -Dsonar.someArg=aValue && ...

Action failed: The process '/opt/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/linux-x64/bin/sonar-scanner' failed with exit code 1

'args' input with command injection will fail (macos-latest, -Dsonar.someArg=aValue && echo "Inje...

Action failed: The process '/Users/runner/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/macosx-aarch64/bin/sonar-scanner' failed with exit code 1

'args' input with command injection will fail (macos-latest, -Dsonar.someArg="value\"; whoami; ec...

Action failed: The process '/Users/runner/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/macosx-aarch64/bin/sonar-scanner' failed with exit code 1

'args' input with command injection will fail (github-ubuntu-latest-s, -Dsonar.someArg="value\"; ...

Action failed: The process '/opt/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/linux-x64/bin/sonar-scanner' failed with exit code 1

'scannerVersion' input validation

Sanity checks failed: Invalid scannerVersion format. Expected format: x.y.z.w (e.g., 7.1.0.4889)

'scannerBinariesUrl' input with invalid URL

Action failed: getaddrinfo EAI_AGAIN invalid_uri

'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command

Action failed: Invalid URL

'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command

Action failed: Invalid URL

Analysis takes into account 'SONAR_ROOT_CERT'

Action failed: The process '/opt/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/linux-x64/bin/sonar-scanner' failed with exit code 1

Analysis takes into account 'SONAR_ROOT_CERT'

Action failed: The process '/opt/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/linux-x64/jre/bin/java' failed with exit code 1

'args' input with command injection will fail (github-windows-latest-s, -Dsonar.someArg=aValue &&...

Action failed: The process 'C:\hostedtoolcache\windows\sonar-scanner-cli\8.0.1.6346\windows-x64\bin\sonar-scanner.bat' failed with exit code 1

'args' input with command injection will fail (github-windows-latest-s, -Dsonar.someArg="value\";...

Action failed: The process 'C:\hostedtoolcache\windows\sonar-scanner-cli\8.0.1.6346\windows-x64\bin\sonar-scanner.bat' failed with exit code 1

'RUNNER_DEBUG' is used (github-ubuntu-latest-s)