This repository is owned by the Analysis Experience squad

https://docs.google.com/document/d/1XhLeIhXWOzyWGJlJYp9OqYbkP5KQ-Gvx1a0O5JHTQsY/edit

.github/CODEOWNERS

@@ -1 +1 @@
-.github/CODEOWNERS @sonarsource/sonarqube-team
+.github/CODEOWNERS @sonarsource/analysis-experience-squad

.github/dependabot.yml

@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      timezone: "CET"
+    open-pull-requests-limit: 100
+    commit-message:
+      prefix: "NO-JIRA "

.github/workflows/qa.yml

@@ -6,7 +6,7 @@ jobs:
   run_qa:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - run: ./test/run-qa.sh

.github/workflows/update-tags.yml

@@ -13,10 +13,10 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Parse semver
-        uses: madhead/semver-utils@v2
+        uses: madhead/semver-utils@latest
         id: version
         with:
           version: ${{ github.ref_name }}

Dockerfile

@@ -1,6 +1,6 @@
-FROM sonarsource/sonar-scanner-cli:4.8
+FROM sonarsource/sonar-scanner-cli:5.0.1
 
-LABEL version="1.2.0" \
+LABEL version="2.0.1" \
       repository="https://github.com/sonarsource/sonarqube-scan-action" \
       homepage="https://github.com/sonarsource/sonarqube-scan-action" \
       maintainer="SonarSource" \

README.md

@@ -1,10 +1,13 @@
 # Scan your code with SonarQube [![QA](https://github.com/SonarSource/sonarqube-scan-action/actions/workflows/qa.yml/badge.svg)](https://github.com/SonarSource/sonarqube-scan-action/actions/workflows/qa.yml)
 
-Using this GitHub Action, scan your code with [SonarQube](https://www.sonarqube.org/) to detects Bugs, Vulnerabilities and Code Smells in up to 27 programming languages!
+This SonarSource project, available as a GitHub Action, scans your projects with SonarQube, and helps developers produce 
+[Clean Code](https://www.sonarsource.com/solutions/clean-code/?utm_medium=referral&utm_source=github&utm_campaign=clean-code&utm_content=sonarqube-scan-action).
 
 <img src="./images/SonarQube-72px.png">
 
-SonarQube is the leading product for Continuous Code Quality & Code Security. It supports most popular programming languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and many more.
+[SonarQube](https://www.sonarsource.com/products/sonarqube/) is a widely used static analysis solution for continuous code quality and security inspection. 
+It helps developers identify and fix issues in their code that could lead to bugs, vulnerabilities, or decreased development velocity.
+SonarQube supports the most popular programming languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and [many more](https://www.sonarsource.com/knowledge/languages/).
 
 ## Requirements
 
@@ -20,7 +23,7 @@ Project metadata, including the location to the sources to be analyzed, must be
 sonar.projectKey=<replace with the key generated when setting up the project on SonarQube>
 
 # relative paths to source directories. More details and properties are described
-# in https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/ 
+# at https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/ 
 sonar.sources=.
 ```
 
@@ -43,9 +46,9 @@ jobs:
   sonarqube:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
       with:
-        # Disabling shallow clone is recommended for improving relevancy of reporting
+        # Disabling shallow clones is recommended for improving the relevancy of reporting
         fetch-depth: 0
     - name: SonarQube Scan
       uses: sonarsource/sonarqube-scan-action@master
@@ -65,7 +68,7 @@ If your source code file names contain special characters that are not covered b
         LC_ALL: "ru_RU.UTF-8"
 ```
 
-If your SonarQube server uses a self-signed certificate, you can pass a root certificate (in PEM format) to the java certificate store:
+If your SonarQube server uses a self-signed certificate, you can pass a root certificate (in PEM format) to the Java certificate store:
 
 ```yaml
     - name: SonarQube Scan
@@ -115,7 +118,7 @@ This GitHub Action will not work for all technologies. If you are in one of the
 * You want to analyze a .NET solution. Read the documentation about our [Scanner for .NET](https://redirect.sonarsource.com/doc/install-configure-scanner-msbuild.html).
 * You want to analyze C/C++ code. Read the documentation on [analyzing C/C++ code](https://docs.sonarqube.org/latest/analysis/languages/cfamily/).
 
-## Have question or feedback?
+## Have questions or feedback?
 
 To provide feedback (requesting a feature or reporting a bug) please post on the [SonarSource Community Forum](https://community.sonarsource.com/tags/c/help/sq/github-actions).
 
@@ -123,4 +126,4 @@ To provide feedback (requesting a feature or reporting a bug) please post on the
 
 The Dockerfile and associated scripts and documentation in this project are released under the LGPLv3 License.
 
-Container images built with this project include third party materials.
+Container images built with this project include third-party materials.