security: SONAR_TOKEN is exposed publicly

The GitHub Actions [Antenna Build](https://github.com/eclipse/antenna/blob/7777c1196704cef1295614c9b6d4975a7a35fe49/.github/workflows/pull_request_build.yml#L10) has a security vulnerability which can be exploited to run scans for the project provided the pom has been been configured for the same.

I would request you to add this to the [**secrets**](https://github.com/eclipse/antenna/blob/7777c1196704cef1295614c9b6d4975a7a35fe49/.github/workflows/pull_request_build.yml#L62).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

security: SONAR_TOKEN is exposed publicly #640

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

security: SONAR_TOKEN is exposed publicly #640

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions