Good evening everyone, I manage a project on github where I recently added SonarCloud to my project. It works fine, until I get contributors other than myself making pull requests, where the build fails. Does anyone have insight into why this happens.
Currently, we don’t support the analysis of forked PRs, we recognize that this is an important feature and have the feature on our radar as something to tackle this year. It’s a tricky issue – since with SonarCloud’s current architecture executing an analysis means sharing a secret – and that presents a security issue.