Scanning GitHub pull requests using Maven

I have my project set up on SonarCloud and scanning manually. I’m trying to introduce pull request scanning, but can’t quite figure out how to pass the SONAR_TOKEN to the job.

I have the token set up in my GitHub project as a secret, but secrets are not passed into pull requests that come from other forks due to security reasons.

How do I get around this so that my pull requests get scanned?

Hi,

Welcome to the community!

Are you using GitHub Actions? Maybe the docs will help.

Ann

Yes, I am using GitHub Actions and I have read the docs.

GitHub Actions does not populate secrets for pull requests that come from forks, so I’m not sure how this is supposed to work.

Hi,

Ah. Yes, we really don’t support analyzing forks well. We’re aware of the gap.

Ann

That’s quite a gap, to be honest.

Hi Eric,

Thanks for bringing this up; your feedback is well noted, and we are considering options to improve our support of external Pull Requests.

Regards,
Nour
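The fork restriction discussed in this thread, as an added example that is not from the thread or from SonarSource: a GitHub Actions workflow that builds every pull request but runs the Maven Sonar analysis only when the `pull_request` event can actually carry `SONAR_TOKEN` (pushes and same-repository PRs), so fork PRs are skipped explicitly instead of failing. `MY_PROJECT_KEY` is a placeholder; the workflow, job and step names are assumptions.

```yaml
# Added example, not from the thread or the SonarCloud docs. Assumes a Maven
# project on SonarCloud with project key MY_PROJECT_KEY (placeholder) and a
# repository secret named SONAR_TOKEN.
name: Build and SonarCloud analysis

on:
  push:
    branches: [main]
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so Sonar can compute "new code" for the PR

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'

      # Always build and test, including pull requests opened from forks.
      - name: Build and test
        run: mvn -B verify

      # Run the analysis only where the secret can exist: on pushes, and on PRs
      # whose head branch lives in this repository. For fork PRs the
      # `pull_request` event carries no secrets, so the step is skipped rather
      # than failing with an empty SONAR_TOKEN.
      # Do not switch the trigger to `pull_request_target` to work around this:
      # that event does expose secrets, and combined with checking out the PR
      # head it would run the fork's untrusted build (its pom.xml and plugins)
      # with SONAR_TOKEN in the environment.
      - name: SonarCloud analysis
        if: >-
          github.event_name != 'pull_request' ||
          github.event.pull_request.head.repo.full_name == github.repository
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: >-
          mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
          -Dsonar.projectKey=MY_PROJECT_KEY
```

Fork PRs still get built and tested; only the Sonar analysis is skipped, which is the gap Ann describes above.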