SONARJAVA-5934 Fix CI #5380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed

leonardo-pilastri-sonarsource wants to merge 5 commits into master from lp/fix-ci

Closed

SONARJAVA-5934 Fix CI #5380

Use mise 3.5.1

SonarQube-Next / SonarQube Code Analysis failed Jan 5, 2026 in 2m 30s

Quality Gate failed

Failed conditions
7 Security Hotspots

See analysis details on SonarQube

Annotations

Check warning on line 29 in .github/workflows/build.yml

sonarqube-next / SonarQube Code Analysis

Use full commit SHA hash for this dependency.

[S7637] Using external GitHub actions and workflows without a commit reference is security-sensitive
 See more on https://next.sonarqube.com/sonarqube/project/issues?id=org.sonarsource.java%3Ajava&pullRequest=5380&issues=01aa6781-b360-4ef7-bf80-fc88e2dd1055&open=01aa6781-b360-4ef7-bf80-fc88e2dd1055

Check warning on line 293 in .github/workflows/build.yml

sonarqube-next / SonarQube Code Analysis

Use full commit SHA hash for this dependency.

[S7637] Using external GitHub actions and workflows without a commit reference is security-sensitive
 See more on https://next.sonarqube.com/sonarqube/project/issues?id=org.sonarsource.java%3Ajava&pullRequest=5380&issues=c995823b-0448-4a7a-9936-7f751bb44d52&open=c995823b-0448-4a7a-9936-7f751bb44d52

Check warning on line 151 in .github/workflows/build.yml

sonarqube-next / SonarQube Code Analysis

Use full commit SHA hash for this dependency.

[S7637] Using external GitHub actions and workflows without a commit reference is security-sensitive
 See more on https://next.sonarqube.com/sonarqube/project/issues?id=org.sonarsource.java%3Ajava&pullRequest=5380&issues=3b95e954-2bcb-488a-8e4a-711c3f3c3576&open=3b95e954-2bcb-488a-8e4a-711c3f3c3576

Check warning on line 116 in .github/workflows/build.yml

sonarqube-next / SonarQube Code Analysis

Use full commit SHA hash for this dependency.

[S7637] Using external GitHub actions and workflows without a commit reference is security-sensitive
 See more on https://next.sonarqube.com/sonarqube/project/issues?id=org.sonarsource.java%3Ajava&pullRequest=5380&issues=b29b3d92-7d5f-4c80-bdac-3bd486a47698&open=b29b3d92-7d5f-4c80-bdac-3bd486a47698

Check warning on line 193 in .github/workflows/build.yml

sonarqube-next / SonarQube Code Analysis

Use full commit SHA hash for this dependency.

[S7637] Using external GitHub actions and workflows without a commit reference is security-sensitive
 See more on https://next.sonarqube.com/sonarqube/project/issues?id=org.sonarsource.java%3Ajava&pullRequest=5380&issues=8ec9a7fb-584d-49b9-9161-3cd3c9c57744&open=8ec9a7fb-584d-49b9-9161-3cd3c9c57744

Check warning on line 244 in .github/workflows/build.yml

sonarqube-next / SonarQube Code Analysis

Use full commit SHA hash for this dependency.

[S7637] Using external GitHub actions and workflows without a commit reference is security-sensitive
 See more on https://next.sonarqube.com/sonarqube/project/issues?id=org.sonarsource.java%3Ajava&pullRequest=5380&issues=4cee8dad-4fb4-466a-9bd3-5fd4f6de41e3&open=4cee8dad-4fb4-466a-9bd3-5fd4f6de41e3

Check warning on line 71 in .github/workflows/build.yml

sonarqube-next / SonarQube Code Analysis

Use full commit SHA hash for this dependency.

[S7637] Using external GitHub actions and workflows without a commit reference is security-sensitive
 See more on https://next.sonarqube.com/sonarqube/project/issues?id=org.sonarsource.java%3Ajava&pullRequest=5380&issues=fd0f1556-5ccb-4d2d-97c2-82d4f3be0894&open=fd0f1556-5ccb-4d2d-97c2-82d4f3be0894

View more details on SonarQube-Next