Skip to content

SC-27381 Add shadow scan github workflow #637

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

SC-27381 Add shadow scan github workflow #637

wants to merge 1 commit into from

Conversation

@johann-beleites-sonarsource
Copy link
Contributor

@johann-beleites-sonarsource johann-beleites-sonarsource commented Sep 3, 2025

No description provided.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 3, 2025

🤖 Pull Request summary

Adds automated shadow scanning workflow with daily execution.

• New GitHub Actions workflow triggers daily at 1 AM UTC plus manual dispatch
• Integrates Vault for secure Artifactory token management
• Uses mise for Java 17 and Gradle 8.10.1 toolchain management
• Configures Gradle build with sonar analysis using dogfooding actions
• Implements IRIS analysis across multiple SonarQube platforms (Next, SQC-EU, SQC-US)

Focus review on Vault token permissions and cron schedule accuracy.

💬 Please send your feedback

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@johann-beleites-sonarsource johann-beleites-sonarsource force-pushed the jb/SC-27381-unified-dogfooding branch 5 times, most recently from 8fc5f78 to 5088700 Compare September 4, 2025 15:58
@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 5, 2025

🤖 Pull Request summary

Adds automated shadow scanning workflow for cross-platform code analysis.

GitHub workflow: New daily scheduled workflow at 01:00 UTC with manual trigger support
Security integration: Vault authentication for Artifactory and SonarCloud token access
Build tooling: Adds mise configuration for Java 17 and Gradle 8.10.1
Analysis setup: Manual Gradle SonarCloud scan with hardcoded project parameters
IRIS integration: Cross-platform analysis comparing Next, SQC-EU, and SQC-US platforms

Review focus: Hardcoded values in the Gradle command should be parameterized for maintainability.

💬 Please send your feedback

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqube-next
Copy link

sonarqube-next bot commented Sep 5, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@johann-beleites-sonarsource johann-beleites-sonarsource force-pushed the jb/SC-27381-unified-dogfooding branch 2 times, most recently from 5964d5f to 94ced1c Compare October 8, 2025 12:13
@sonarqube-next
Copy link

sonarqube-next bot commented Oct 8, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@johann-beleites-sonarsource johann-beleites-sonarsource force-pushed the jb/SC-27381-unified-dogfooding branch 2 times, most recently from 62d1fc3 to 1b44a17 Compare October 28, 2025 10:18
@johann-beleites-sonarsource
Add shadow scan github workflow
71b462e 
Running an analysis each night on SQC EU & US in addition to the
analysis on next on every commit.
@sonarqube-next
Copy link

sonarqube-next bot commented Oct 29, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@johann-beleites-sonarsource