Sonar-Github Action - Limitation with Root user

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    We are leveraging the Sonar marketplace action - Official SonarQube Scan · Actions · GitHub Marketplace

  • what are you trying to achieve
    We are trying to implement a GitHub action for SonarScan

  • what have you tried so far to achieve this
    We have leveraged the Sonar Marketplace action available for GitHub to achieve this.
    The only issue is that the Sonar action uses a Docker container to perform the step, which runs as root. There are 2 issues: 1. Security risk 2. It is not able to clean up the files, causing issues for the job.

Thanks

Hello @jetaldesai and welcome to the community :wave:

Sorry for the delay, this post slipped under the radar. To answer your questions, this is a best practice as documented by GitHub. Nearly all actions run as root in an isolated Docker container.

Hope that clarifies things :slight_smile:
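
A check for the cleanup symptom raised in the question, as an added example that is not part of the original thread or the Sonar action: it reports entries under a workspace directory whose owner differs from the runner account's UID. The function names are hypothetical, and it assumes the workspace directory is shared between the container step and the runner.

```shell
#!/bin/sh
# Added example: find workspace entries the runner account does not own,
# such as files written by a container step that ran as root.
# Assumption: paths contain no newlines (counts are line-based).

# foreign_owned DIR UID: print every path under DIR not owned by UID.
foreign_owned() {
    find "$1" ! -uid "$2" -print
}

# foreign_count DIR UID: print how many such paths exist.
foreign_count() {
    foreign_owned "$1" "$2" | wc -l | tr -d ' '
}

# owner_summary DIR UID: print "<count> <owner-uid>" per foreign owner.
# ls -n prints the numeric owner UID in the third field.
owner_summary() {
    find "$1" ! -uid "$2" -exec ls -ldn {} + |
        awk '{ n[$3]++ } END { for (u in n) print n[u], u }'
}

# check_workspace DIR [UID]: return 0 if everything under DIR is owned
# by UID (default: the current user), otherwise report and return 1.
check_workspace() {
    dir=$1
    uid=${2:-$(id -u)}
    count=$(foreign_count "$dir" "$uid")
    if [ "$count" -gt 0 ]; then
        echo "$count entries under $dir are not owned by uid $uid:" >&2
        owner_summary "$dir" "$uid" >&2
        return 1
    fi
    return 0
}

# Usage in a job step after the scan (GITHUB_WORKSPACE is set by the runner):
#   check_workspace "$GITHUB_WORKSPACE" || echo "cleanup will need elevated rights"
```

Running it as a step directly after the scan shows whether the later cleanup failure comes from file ownership before the job reaches that point.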