SQSCANGHA-121 Add vulnerability warning

.github/CODEOWNERS

@@ -1 +1 @@
-.github/CODEOWNERS @sonarsource/orchestration-processing-squad
+.github/CODEOWNERS @sonarsource/analysis-experience-squad

.github/workflows/PullRequestClosed.yml

@@ -5,8 +5,8 @@ on:
     types: [closed]
 
 jobs:
-  PullRequestClosed_job:
+  PullRequestMerged_job:
-    name: Pull Request Closed
+    name: Pull Request Merged
     runs-on: ubuntu-latest
     permissions:
       id-token: write
@@ -14,6 +14,7 @@ jobs:
     # For external PR, ticket should be moved manually
     if: |
         github.event.pull_request.head.repo.full_name == github.repository
+        && github.event.pull_request.merged
     steps:
       - id: secrets
         uses: SonarSource/vault-action-wrapper@v3

.github/workflows/qa-main.yml

@@ -333,7 +333,7 @@ jobs:
       - name: Run action with SONARCLOUD_URL
         uses: ./
         with:
-          args: -Dsonar.scanner.apiBaseUrl=api.mirror.sonarcloud.io -Dsonar.scanner.internal.dumpToFile=./output.properties
+          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
         env:
           SONARCLOUD_URL: mirror.sonarcloud.io
           SONAR_TOKEN: FAKE_TOKEN
@@ -449,7 +449,6 @@ jobs:
         id: runTest
         uses: ./
         with:
-          scannerVersion: 6.2.1.4610
           scannerBinariesUrl: http://localhost:8080/clientRedirectToSonarBinaries
         env:
           NO_CACHE: true

.github/workflows/version_update.yml

@@ -8,12 +8,9 @@ jobs:
   update-version:
     name: Prepare pull request for sonar-scanner version update
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
     steps:
       - run: sudo apt install -y jq
-      - run: sudo snap install yq
+
       - uses: actions/checkout@v4
         with:
           ref: master
@@ -31,26 +28,19 @@ jobs:
         run: |
           ./scripts/fetch_latest_version.sh > sonar-scanner-version
           cat sonar-scanner-version >> $GITHUB_OUTPUT
-      - name: "Update default version"
+
-        if: steps.tagged-version.outputs.sonar-scanner-version != steps.latest-version.outputs.sonar-scanner-version
-        shell: bash
-        env:
-          NEW_VERSION: ${{ steps.latest-version.outputs.sonar-scanner-version }}
-        run: |
-           yq -i '.inputs.scannerVersion.default = strenv(NEW_VERSION)' action.yml
       - name: "Create Pull Request for version update"
         if: steps.tagged-version.outputs.sonar-scanner-version != steps.latest-version.outputs.sonar-scanner-version
         shell: bash
         env:
           UPDATE_BRANCH: update-to-sonar-scanner-${{ steps.latest-version.outputs.sonar-scanner-version }}
-          TITLE: "Update SonarScanner CLI to ${{ steps.latest-version.outputs.sonar-scanner-version }}"
+          TITLE: "Update sonar-scanner-version to ${{ steps.latest-version.outputs.sonar-scanner-version }}"
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           git config --global user.name "SonarTech"
           git config --global user.email "sonartech@sonarsource.com"
           git checkout -b ${UPDATE_BRANCH}
           git add sonar-scanner-version
-          git add action.yml
           git commit -m "${TITLE}"
           git push --force-with-lease origin ${UPDATE_BRANCH}
           gh pr list

README.md

@@ -2,10 +2,8 @@
 
 This SonarSource project, available as a GitHub Action, scans your projects with SonarQube [Server](https://www.sonarsource.com/products/sonarqube/) or [Cloud](https://www.sonarsource.com/products/sonarcloud/).
 
-<picture>
+![Logo](./images/SQ_Logo_Server_Cloud_Dark_Backgrounds.png#gh-dark-mode-only)
-  <source media="(prefers-color-scheme: dark)" srcset="./images/SQ_Logo_Server_Cloud_Dark_Backgrounds.png">
+![Logo](./images/SQ_Logo_Server_Cloud_Light_Backgrounds.png#gh-light-mode-only)
-  <img alt="SonarQube Logo" src="./images/SQ_Logo_Server_Cloud_Light_Backgrounds.png">
-</picture>
 
 SonarQube [Server](https://www.sonarsource.com/products/sonarqube/) and [Cloud](https://www.sonarsource.com/products/sonarcloud/) (formerly SonarQube and SonarCloud) is a widely used static analysis solution for continuous code quality and security inspection.
 
@@ -104,21 +102,20 @@ jobs:
     - name: Install Build Wrapper
       uses: SonarSource/sonarqube-scan-action/install-build-wrapper@<action version>
       env:
-        SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
     - name: Run Build Wrapper
       run: |
-        # Here goes your compilation wrapped with Build Wrapper
+        # here goes your compilation wrapped with build-wrapper; See https://docs.sonarsource.com/sonarqube/latest/ analyzing-source-code/languages/c-family/#using-build-wrapper for more information
-        # For more information, see https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/languages/c-family/prerequisites/#using-buildwrapper
         # build-preparation steps
         # build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} build-command
     - name: SonarQube Scan
       uses: SonarSource/sonarqube-scan-action@<action version>
       env:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
         SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
       with:
-        # Consult https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner/ for more information and options
+        # Consult https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/sonarscanner/ for more information and options
         args: >
           --define sonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json" 
 ```
@@ -207,8 +204,7 @@ jobs:
       uses: SonarSource/sonarqube-scan-action/install-build-wrapper@<action version>
     - name: Run Build Wrapper
       run: |
-        # Here goes your compilation wrapped with Build Wrapper
+        # here goes your compilation wrapped with build-wrapper; See https://docs.sonarsource.com/sonarqube/latest/ analyzing-source-code/languages/c-family/#using-build-wrapper for more information
-        # For more information, see https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/languages/c-family/prerequisites/#using-build-wrapper
         # build-preparation steps
         # build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} build-command
     - name: SonarQube Scan
@@ -217,7 +213,7 @@ jobs:
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
       with:
-        # Consult https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner/ for more information and options
+        # Consult https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/sonarscanner/ for more information and options
         args: >
           --define sonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json" 
 ```

action.yml

@@ -1,8 +1,8 @@
 name: Official SonarQube Scan
 # Warning: changing name would change URL in the marketplace
 description: >
-  Scan your code with SonarQube Server and Cloud to detect issues in 30+ languages. (Formerly SonarQube and SonarCloud)
+  Scan your code with SonarQube Server and Cloud to detect 
-
+  issues in 30+ languages. (Formerly SonarQube and SonarCloud)
 branding:
   icon: check
   color: green
@@ -16,8 +16,7 @@ inputs:
   scannerVersion:
     description: Version of the Sonar Scanner CLI to use
     required: false
-    # to be kept in sync with sonar-scanner-version
+    default: 6.2.1.4610 # to be kept in sync with sonar-scanner-version
-    default: 7.1.0.4889
   scannerBinariesUrl:
     description: URL to download the Sonar Scanner CLI binaries from
     required: false
@@ -30,6 +29,9 @@ runs:
       shell: bash
       env:
         INPUT_PROJECTBASEDIR: ${{ inputs.projectBaseDir }}
+    - name: Vulnerability warning
+      shell: bash
+      run: echo "::warning title=Vulnerability warning::This version of the SonarQube Scanner GitHub Action is no longer supported and contains a security vulnerability. Please update your workflow to use sonarsource/sonarqube-scan-action@v6 for the latest security patches and features. For more information visit https://community.sonarsource.com/gha-v6-update"
     - name: Load Sonar Scanner CLI from cache
       id: sonar-scanner-cli
       uses: actions/cache@v4

sonar-scanner-version

@@ -1,11 +1,11 @@
-sonar-scanner-version=7.1.0.4889
+sonar-scanner-version=6.2.1.4610
-sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-windows-x64.zip
+sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610-windows-x64.zip
-sonar-scanner-sha-windows-x64=64c5154d3d924eb2e03386f10eecb3ec4132298e2c1bf0b60a0d0195cd51a555
+sonar-scanner-sha-windows-x64=b7de8d75c43093e0353e6a3147c3720cafac1c38da96bc61123657197086a1c9
-sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-x64.zip
+sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610-linux-x64.zip
-sonar-scanner-sha-linux-x64=b4d2a001d65b489f9effe1ea8a78495db1b152f124d7f7b058aad8651c7e1484
+sonar-scanner-sha-linux-x64=0b8a3049f0bd5de7abc1582c78c233960d3d4ed7cc983a1d1635e8552f8bb439
-sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-aarch64.zip
+sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610-linux-aarch64.zip
-sonar-scanner-sha-linux-aarch64=7948ccde77843829b87d41815ead669486f681cd38b0b0893006083a9b6f6b5c
+sonar-scanner-sha-linux-aarch64=f67819e7a52ed4c28b541baa5bca0621446314de148f889d7d2d7ff239808f0c
-sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-macosx-x64.zip
+sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610-macosx-x64.zip
-sonar-scanner-sha-macosx-x64=08ad1e75994d91a17016ce55248d0827b62a757b263917234ea2d89bee8f136d
+sonar-scanner-sha-macosx-x64=471348fcb912584f093cebf28114322455979d2cceb1654e0a7990da50add94f
-sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-macosx-aarch64.zip
+sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610-macosx-aarch64.zip
-sonar-scanner-sha-macosx-aarch64=9ad8c5da9e9665c065328b86adb3f33ef43801347ecb3ff1ec27d598ac37b449
+sonar-scanner-sha-macosx-aarch64=583b1ed386b6f61ddfbb39c0ae169355e96a8e1852b0210a5a5ca4f7487347c1