Compare commits


No commits in common. "master" and "v1.2.0" have entirely different histories.

3 changed files with 17 additions and 20 deletions

View File

@ -1 +1 @@
* @dwisiswant0 * @kitabisa/security @dwisiswant0
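Review bot: The right column makes `@kitabisa/security` a co-owner of every path alongside `@dwisiswant0`; confirm that this team exists in the organization and has write access to this repository, because GitHub ignores a CODEOWNERS entry for a team without write access and review requests then go only to the remaining owner. Since the action's entrypoint handles the SonarQube `login` token, having the security team required on changes to it is a sensible control, so consider documenting that intent in the commit message rather than leaving the single-line change unexplained.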

View File

@ -2,7 +2,7 @@
Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages! Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!
<img src="https://assets-eu-01.kc-usercontent.com/d1e40bf0-65fc-01ef-5235-9aeaedac229b/12e3974b-220d-4cde-8f17-2ff9fa9d9c27/SonarQube_Logo.svg" width="320px"> <img src="https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg" width="320px">
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
@ -58,20 +58,17 @@ with:
These are some of the supported input parameters of action. These are some of the supported input parameters of action.
| **Parameter** | **Description** | **Required?** | **Default** | **Note** | - `host` - **_(Required)_** this is the SonarQube server URL.
|----------------------|---------------------------------------------------|---------------|-------------|-----------------------------------------------------------------------------------------------| - `login` - **_(Required)_** the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See [how to generate SonarQube token](https://docs.sonarqube.org/latest/user-guide/user-token/).
| **`host`** | SonarQube server URL | 🟢 | | | - `password` - The password that goes with the `login` username. This should be left blank if an `login` are authentication token.
| **`login`** | Login or authentication token of a SonarQube user | 🟢 | | `Execute Analysis` permission required. | - `projectBaseDir` - Set custom project base directory analysis.
| **`password`** | The password that goes with the `login` username | 🔴 | | This should be left blank if an `login` are authentication token. | - `projectKey` - The project's unique key _(allowed characters are: letters, numbers, `-`, `_`, `.` and `:`, with at least one non-digit)_.
| **`projectBaseDir`** | Set custom project base directory analysis | 🔴 | `.` | | - `projectName` - Name of the project that will be displayed on the SonarQube web interface.
| **`projectKey`** | The project's unique key | 🔴 | | Allowed characters are: letters, numbers, `-`, `_`, `.` and `:`, with at least one non-digit. | - `projectVersion` - The project version.
| **`projectName`** | Name of the project | 🔴 | | It will be displayed on the SonarQube web interface. | - `encoding` - Encoding of the source code. Default is UTF-8.
| **`projectVersion`** | The project version | 🔴 | | |
| **`encoding`** | Encoding of the source code | 🔴 | `UTF-8` | |
> **Note**:
> [!NOTE] > If you're thinking of setting project metadata & other related things in a **`sonar-project.properties`** configuration file _(must be declared in the base directory `projectBaseDir`)_ instead of going through the [input parameters](#inputs), this action supports that!
> If you opt to configure the project metadata and other related settings in a **`sonar-project.properties`** file (must be placed within the base directory, `projectBaseDir`) instead of using input parameters, this action is compatible with that approach!
## License ## License
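Review bot: The right column's bullet list drops information the left column's table carries: the `.` default for `projectBaseDir` disappears, and only `encoding` keeps its default in prose. The `password` description on both sides reads "if an `login` are authentication token"; suggest "this should be left blank if `login` is an authentication token". The `sonar-project.properties` note invites putting "other related things" in a committed file, so it should state that `login` and `password` are still expected through the action inputs (sourced from repository secrets) and must not be written into `sonar-project.properties`, which would commit the analysis token to the repository.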

View File

@ -11,19 +11,19 @@ else
SONAR_PASSWORD="" SONAR_PASSWORD=""
fi fi
if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then if [[ -f "${INPUT_PROJECTBASEDIR%/}pom.xml" ]]; then
echo "::error file=${INPUT_PROJECTBASEDIR%/}/pom.xml::Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action." echo "::error file=${INPUT_PROJECTBASEDIR%/}pom.xml::Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action."
exit 1 exit 1
fi fi
if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" ]]; then if [[ -f "${INPUT_PROJECTBASEDIR%/}build.gradle" ]]; then
echo "::error file=${INPUT_PROJECTBASEDIR%/}/build.gradle::Gradle project detected. You should use the SonarQube plugin for Gradle during build rather than using this GitHub Action." echo "::error file=${INPUT_PROJECTBASEDIR%/}build.gradle::Gradle project detected. You should use the SonarQube plugin for Gradle during build rather than using this GitHub Action."
exit 1 exit 1
fi fi
unset JAVA_HOME unset JAVA_HOME
if [[ ! -f "${INPUT_PROJECTBASEDIR%/}/sonar-project.properties" ]]; then if [[ ! -f "${INPUT_PROJECTBASEDIR%/}sonar-project.properties" ]]; then
[[ -z "${INPUT_PROJECTKEY}" ]] && SONAR_PROJECTKEY="${REPOSITORY_NAME}" || SONAR_PROJECTKEY="${INPUT_PROJECTKEY}" [[ -z "${INPUT_PROJECTKEY}" ]] && SONAR_PROJECTKEY="${REPOSITORY_NAME}" || SONAR_PROJECTKEY="${INPUT_PROJECTKEY}"
[[ -z "${INPUT_PROJECTNAME}" ]] && SONAR_PROJECTNAME="${REPOSITORY_NAME}" || SONAR_PROJECTNAME="${INPUT_PROJECTNAME}" [[ -z "${INPUT_PROJECTNAME}" ]] && SONAR_PROJECTNAME="${REPOSITORY_NAME}" || SONAR_PROJECTNAME="${INPUT_PROJECTNAME}"
[[ -z "${INPUT_PROJECTVERSION}" ]] && SONAR_PROJECTVERSION="" || SONAR_PROJECTVERSION="${INPUT_PROJECTVERSION}" [[ -z "${INPUT_PROJECTVERSION}" ]] && SONAR_PROJECTVERSION="" || SONAR_PROJECTVERSION="${INPUT_PROJECTVERSION}"
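Review bot: Path construction bug in the right column: `${INPUT_PROJECTBASEDIR%/}pom.xml` strips a trailing `/` and then adds no separator, so with the documented default `.` the test becomes `-f .pom.xml` and with a value like `src/` it becomes `srcpom.xml`. The same defect is in the `build.gradle` and `sonar-project.properties` checks and in the `::error file=` annotations. The left column's `${INPUT_PROJECTBASEDIR%/}/pom.xml` form is the correct one. The consequence for the last check matters most: `! -f .../sonar-project.properties` is then true even when the file is present, so the branch that derives `SONAR_PROJECTKEY`, `SONAR_PROJECTNAME` and `SONAR_PROJECTVERSION` from the inputs runs regardless and the committed properties file is not honored, and the Maven/Gradle guards that are supposed to abort the run never fire.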