sodul
(Stephane Odul)
We download the scanner from SonarScanner CLI, which comes with JRE 17.0.7.
Unfortunately, this version contains several High CVEs that our internal security scans are flagging.
Can a new release of the scanner binaries be performed with a newer version of the JRE with fixes?
I see that there is a ticket tracking this:
https://sonarsource.atlassian.net/browse/SCANCLI-129
which is based on a closed PR in the public repo:
Raising this here so others can track progress more easily.