Dependabot PRs not analyzed

Regular PRs are analyzed properly, but PRs opened by Dependabot are not. I could not find any error in background tasks or anywhere else.

Using GitHub and GitHub Actions.

Thanks in advance for any help.

Hello @esasse,

Dependabot PRs will not be decorated due to the fact that they are triggered based on pull_request_target event instead of pull_request.

See related thread here: GitHub comments stopped working in GitHub action after switch to pull_request_target

Best,
Marcin

Thanks Marcin, but after reading the related thread, it’s not clear if it’s something I can resolve or if it’s not supported at all.

I’m using the workflow trigger as suggested by Sonar:

on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]

Can you help me change it to trigger for Dependabot PRs as well?

Thanks!

Hey @esasse,

Just to clarify, I may have misunderstood. So the problem is that, the Dependabot PRs are not triggering the SonarCloud analysis (using the workflow suggested by Sonar)? Can you confirm it?

Best,
Marcin

Yes, that’s the problem.