Hi Team,
We received a recent notice on the SonarQube Scanner GitHub Action. Can you please confirm whether there is any means to identify the infected version from SonarQube, either in the UI or the API?
Hi @Eunice
Kindly find the thread on the topic here: Security Advisory: SonarQube Scanner GitHub Action
Hope this helps answer your question.
Best,
Leith
Hi @leith.darawsheh ,
Couldn’t find how to find the infected version from the SonarQube side!
If you can point me to the thread, it would be great!
Thank you for your response!
Hey @Eunice
There’s nothing to research from the SonarQube side. This is about the sonarqube-scan-action that GitHub Actions users add into their GitHub Actions workflow.
Since there is now a GitHub Security Advisory, Dependabot users will automatically receive alerts and pull requests to update.
If you have any other questions, please follow up in the main thread.
A post was merged into an existing topic: Security Advisory: SonarQube Scanner GitHub Action