This is what i like to avoid, because I want to use it on a public runner, the other option would be to pass the asset using a different workflow but if it can be fixed at the source it will help.
I have tested along this archive:
https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
sha256: 1b79910fb03e4287bab3c60dcd77dbb53b5a65a31ec39548bea0ee1f042f323a
But a warning is shown about a version mismatch.
So please consider provide a public stable versioned URL like the scanner.
Relate-to: New Github action for C++ Docker project - #5 by rzr