Skip to content
This repository was archived by the owner on Jun 26, 2026. It is now read-only.

chore(deps): bump SonarSource/sonarqube-scan-action from 6.0.0 to 8.2.0#179

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/SonarSource/sonarqube-scan-action-8.2.0
Open

chore(deps): bump SonarSource/sonarqube-scan-action from 6.0.0 to 8.2.0#179
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/SonarSource/sonarqube-scan-action-8.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026
edited by macroscopeapp Bot
Loading

Copy link
Copy Markdown
Contributor

Bumps SonarSource/sonarqube-scan-action from 6.0.0 to 8.2.0.

Release notes

Sourced from SonarSource/sonarqube-scan-action's releases.

v8.2.0

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v8...v8.2.0

v8.1.0

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v8...v8.1.0

v8.0.0

What's Changed

Breaking change

Full Changelog: SonarSource/sonarqube-scan-action@v7...v8.0.0

v7.2.1

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v7...v7.2.1

v7.2.0

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v7...v7.2.0

v7.1.0

What's Changed

... (truncated)

Commits
  • 7138816 SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows (#251)
  • 3581139 SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4...
  • c9d327c SQSCANGHA-84 Remove outdated wget/curl references
  • b243e51 SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support
  • 375c3f5 SQSCANGHA-149 Add scannerBinariesAuthHeader input for authenticated binary do...
  • 9c78323 SQSCANGHA-144 Add gate jobs to QA workflows for branch protection
  • 7006c44 Update SonarScanner CLI to 8.1.0.6389
  • edd319f NO-JIRA Bump actions/setup-node from 6.3.0 to 6.4.0 (#234)
  • e050aa9 NO-JIRA Bump actions/cache from 5.0.4 to 5.0.5 (#231)
  • 6cd3d8f NO-JIRA Bump madhead/semver-utils from 4.3.0 to 5.0.0
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Bump SonarSource/sonarqube-scan-action from v6.0.0 to v8.2.0

Updates the pinned action version in sonarcloud.yml to use the latest release.

Macroscope summarized 3abc3e6.

@dependabot
chore(deps): bump SonarSource/sonarqube-scan-action from 6.0.0 to 8.2.0
3abc3e6 
Bumps [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 6.0.0 to 8.2.0.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](SonarSource/sonarqube-scan-action@fd88b7d...7138816)

---
updated-dependencies:
- dependency-name: SonarSource/sonarqube-scan-action
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests updating dependencies label Jun 23, 2026
@dependabot dependabot Bot requested a review from KooshaPari as a code owner June 23, 2026 09:07
@dependabot dependabot Bot added the dependencies Pull requests updating dependencies label Jun 23, 2026
@codeant-ai

codeant-ai Bot commented Jun 23, 2026

Copy link
Copy Markdown

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Jun 23, 2026

Copy link
Copy Markdown

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Repo admins can enable using credits for code reviews in their settings.

@sonarqubecloud

sonarqubecloud Bot commented Jun 23, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

kilo-code-bot[bot]
kilo-code-bot Bot reviewed Jun 24, 2026
View reviewed changes
Comment thread .github/workflows/sonarcloud.yml
fetch-depth: 0
- name: SonarCloud Scan
uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0
uses: SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e # v8.2.0

@kilo-code-bot kilo-code-bot Bot Jun 24, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: Breaking change — skipSignatureVerification now defaults to false

v8.0.0 introduced a breaking change where the skipSignatureVerification input defaults to false. This workflow does not explicitly set it, so the action will now attempt GPG signature verification on scanner downloads. If keyserver access or GPG setup is not reliable in this environment, the scan will fail to execute entirely (the continue-on-error: true mask may prevent pipeline failure but will also hide the issue).

Recommend explicitly setting skipSignatureVerification: true to preserve the previous v6 behavior, or verifying locally that signature verification succeeds in your CI environment.

Suggested change
uses: SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e # v8.2.0
uses: SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e # v8.2.0
with:
skipSignatureVerification: true

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@kilo-code-bot

kilo-code-bot Bot commented Jun 24, 2026
edited
Loading

Copy link
Copy Markdown

Code Review Summary

Status: 1 Warning Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 0
WARNING 1
SUGGESTION 0
Issue Details (click to expand)

WARNING

File Line Issue
.github/workflows/sonarcloud.yml 22 Breaking change: skipSignatureVerification now defaults to false in v8.x; explicit input should be set to preserve prior behavior
Files Reviewed (1 file)
  • .github/workflows/sonarcloud.yml — 1 warning

Fix these issues in Kilo Cloud

Reviewed by step-3.7-flash-20260528 · Input: 82.7K · Output: 3.3K · Cached: 218.6K

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@KooshaPari KooshaPari Awaiting requested review from KooshaPari KooshaPari is a code owner
1 more reviewer
@kilo-code-bot kilo-code-bot[bot] kilo-code-bot[bot] left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests updating dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants