Same issue for me
Hi,
Are either of you comfortable sharing your org and project Ids publicly?
Thx,
Ann
We have a public repository - GitHub - twilio/twilio-csharp: Twilio C#/.NET Helper Library for .NET6+.
Thanks!
1 Like
Hi,
Thanks for this!
I’ve flagged this for the team.
Ann
I am also encountering this issue on my repo and SonarCloud project. It looks like it was last able to connect on Dec 11, 2023.
From what I can tell nothing changed in relation to the Github action that runs the Sonarcloud scan and our project in SonarCloud is bound to our Github repo.
Hi Ann and Anita!
I was wondering if there is an update on this? Thanks!
I tried @ you but the comment function wouldn’t let me.
Hi @MonicaG
I can’t promise when exactly we’ll tackle the ticket, it is planned.
To summarize - our suspicion is that GitHub reports potential issues with SonarCloud if there were no security issues raised for some time; if any security issues appear, they should be raised on the GitHub side as well.
If it’s not the case, please let us know.
Anita
Hello Anita and Ann,
It looks like we did have a security issue raised after Dec 11, 2023 but we continue to see the error. If you want more info, please DM me and I can send you the details.
Thanks!
Hi @wmulder
Thanks for reaching out!
Before DM-ing you, I have some general questions:
- Was the security issue raised after GitHub started showing that there was a problem with SonarCloud integration?
- When was the last analysis raising the security issue run?
- What’s the date of “opened” in the GitHub Code security tab for this security issue? (the date marked on the screenshot )
Anita
Hello Anita,
I may have gotten Security Issue and Security Hotspot mixed up, and I’m assuming the latter wouldn’t trigger the integration with Github. We had a security hotspot on May 14, 2024 which was after the integration stopped working. The issue was reviewed on May 23rd. For this security hotspot, I didn’t see anything come over to Github.
That said when i was looking in Github, I did see that Sonarcloud Identified a Security issue on Nov 22, 2023 and our integration stopped working on Dec 11, 2023 which is just 19 days later.
Thanks!
Thanks a lot for more details, this is helpful!
Hi Anita, any news on this case. we have the same issue
Hi @PrzemekP
Welcome to the community!
Thanks for letting us know. Solving this issue is on our radar, I can’t promise when it will be tackled, though.
Note that the feature itself works. It looks like GitHub’s behaviour changed—it seems that they mark a tool as potentially having issues if no vulnerabilities have been raised for some time.
Anita
Arrived here from google. Having the exact same issue for a bunch of our repositories.
I just checked our repo this morning and it looks like this is working again. In Github it shows:
Last scan 15 hours ago for the SonarCloud integration.
Nice to see that this issue has been resolved for some. Unfortunately our project still exhibits the issue:
At the time of writing the most recent analysis of the default branch was four hours ago.
Yeah, I checked another project that is still in an error state.
Hey @Stephan202 and @budb
FYI, we are pretty sure the original issue is solved, but are still chasing down some corner cases this week. We’ll continue monitoring the situation and update here.
1 Like
Hi @budb and @Stephan202 ,
We deployed a fix for a corner case a few days ago. Do you still experience the issue?