Skip to content

CI: modernize Sonar scan workflow#3

Merged
sylvain-combe-sonarsource merged 2 commits into
4.xfrom
adhoc/pipeline-updates-no-sca
Jan 6, 2026
Merged

CI: modernize Sonar scan workflow#3
sylvain-combe-sonarsource merged 2 commits into
4.xfrom
adhoc/pipeline-updates-no-sca

Sonar: set projectKey to SonarSource-Demos_opencv

23e8bbf
Select commit
Loading
Failed to load commit list.
Sonar-Nautilus / SonarQube Code Analysis succeeded Jan 6, 2026 in 2h 30m 24s

Annotations

Check warning on line 30 in .github/workflows/sonar.yaml

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Use full commit SHA hash for this dependency.

[S7637] Using external GitHub actions and workflows without a commit reference is security-sensitive
 See more on https://nautilus.sonarqube.org/project/issues?id=SonarSource-Demos_opencv&pullRequest=3&issues=300cd175-b4ce-4b70-bc17-74810a6b324b&open=300cd175-b4ce-4b70-bc17-74810a6b324b

Check warning on line 20 in .github/workflows/sonar.yaml

See this annotation in the file changed.

@sonar-nautilus sonar-nautilus / SonarQube Code Analysis

Use full commit SHA hash for this dependency.

[S7637] Using external GitHub actions and workflows without a commit reference is security-sensitive
 See more on https://nautilus.sonarqube.org/project/issues?id=SonarSource-Demos_opencv&pullRequest=3&issues=bbae2dce-7ce9-46a2-8752-9a638063f1cf&open=bbae2dce-7ce9-46a2-8752-9a638063f1cf