Update SonarScanner CLI to 8.0.0.6341

SQSCANGHA-123 NO-JIRA Bump actions/setup-node from 5 to 6 (#214 )
SQSCANGHA-122 Include caveats for running SCA (#213 )
2025-12-05 10:26:35 +00:00 · 2025-10-15 15:09:18 +02:00 · 2025-10-09 06:21:35 -05:00 · 2025-10-06 09:29:17 +02:00 · 2025-09-22 07:47:48 +02:00
4 changed files with 17 additions and 14 deletions
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/unit-tests.yml
@@ -13,7 +13,7 @@ jobs:
      - uses: actions/checkout@v5

      - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: "20"
          cache: "npm"
--- a/README.md
+++ b/README.md
@@ -89,10 +89,13 @@ This GitHub Action will not work for all technologies. If you are in one of the
 * **Your code is built with Gradle**. Read the documentation about our SonarScanner for Gradle in SonarQube [Server](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner-for-gradle/) and [Cloud](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-gradle/).
 * **You want to analyze a .NET solution**. Read the documentation about our SonarScanner for .NET in SonarQube [Server](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/dotnet/introduction/) and [Cloud](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/ci-based-analysis/sonarscanner-for-dotnet/introduction/).

-**Also, do not use this GitHub action if:**
+**Do not use this GitHub action if:**

 * You want to run the action on C, C++, or Objective-C projects on a 32-bits system - build wrappers support only 64-bits OS.

+**If you want to use Software Composition Analysis (SCA)**
+
+Dependency scanning with SonarQube Advanced Security SCA may not work correctly if scanning requires on-the-fly manifest file generation. See the SCA analysis environment requirement documentation for [Cloud](https://docs.sonarsource.com/sonarqube-cloud/advanced-security/analyzing-projects-for-dependencies-sca#appropriate-environment) or [Server](https://docs.sonarsource.com/sonarqube-server/advanced-security/analyzing-projects-for-dependencies#appropriate-environment).

 ## Key requirements

--- a/action.yml
+++ b/action.yml
@@ -19,7 +19,7 @@ inputs:
    description: Version of the Sonar Scanner CLI to use
    required: false
    # to be kept in sync with sonar-scanner-version
-    default: 7.2.0.5079
+    default: 8.0.0.6341
  scannerBinariesUrl:
    description: URL to download the Sonar Scanner CLI binaries from
    required: false
--- a/22
+++ b/22
@@ -1,11 +1,11 @@
-sonar-scanner-version=7.2.0.5079
-sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-windows-x64.zip
-sonar-scanner-sha-windows-x64=71936f352206b63cb05ffbcd68e366e52d22916148cf4a2418789bc776f733ea
-sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-linux-x64.zip
-sonar-scanner-sha-linux-x64=da9f4e64a3d555f08ce38b5469ebd91fe2b311af473f7001a5ee5c1fd58b004b
-sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-linux-aarch64.zip
-sonar-scanner-sha-linux-aarch64=803ca725d463e95eeb7537515706367bb8e52bf05ac32174daf9773bdb36d1e2
-sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-macosx-x64.zip
-sonar-scanner-sha-macosx-x64=7b9e92248ca740fff41503bfe5459c460bac43c501d80043cc4fbebb72dfc5fa
-sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-macosx-aarch64.zip
-sonar-scanner-sha-macosx-aarch64=c8adb3fbfe5485c17de193a217be765b66cbc10d6540057655afa3c3b5be6f61
+sonar-scanner-version=8.0.0.6341
+sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.0.0.6341-windows-x64.zip
+sonar-scanner-sha-windows-x64=66cc20edd4825456f33f664cbc4a973483baffa1d9a396cab9d235502904ef2c
+sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.0.0.6341-linux-x64.zip
+sonar-scanner-sha-linux-x64=19ddffebad4a6bebf1273b35b3d6d171c9341dd5c3eeb5a0ac70f7166c363615
+sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.0.0.6341-linux-aarch64.zip
+sonar-scanner-sha-linux-aarch64=63f1da879a8c9f6b208e26d7e10930312af28b4f0b90874f32e811a5a3b54ab1
+sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.0.0.6341-macosx-x64.zip
+sonar-scanner-sha-macosx-x64=fa697b90c2574af2f9e404c55681e625d07987de0cb6be75abe0f6ee1d4643e5
+sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.0.0.6341-macosx-aarch64.zip
+sonar-scanner-sha-macosx-aarch64=37c107edeb353fb1e3246b624b9d67697b9d990d4451cf79ad99eda547e2dd16
Author	SHA1	Message	Date
SonarTech	04c9b7d14b	Update SonarScanner CLI to 8.0.0.6341	2025-12-05 10:26:35 +00:00
dependabot[bot]	40f5b61913	SQSCANGHA-123 NO-JIRA Bump actions/setup-node from 5 to 6 (#214 )	2025-10-15 15:09:18 +02:00
Brandon Davis	9bf7c126a1	SQSCANGHA-122 Include caveats for running SCA (#213 )	2025-10-09 06:21:35 -05:00
github-actions[bot]	ba6563cca7	Update SonarScanner CLI to 7.3.0.5189 (#212 )	2025-10-06 09:29:17 +02:00
dependabot[bot]	5ffbad4454	SQSCANGHA-120 Bump actions/setup-node from 4 to 5 (#211 )	2025-09-22 07:47:48 +02:00