Skip to content

sonarcloud

sonarcloud #151

Triggered via workflow run June 24, 2026 11:43
Status Failure
Total duration 9s
Artifacts

sonarcloud.yml

on: workflow_run
analysis
6s
analysis
Fit to window
Zoom out
Zoom in

Annotations

1 error
analysis
Refusing to check out fork pull request code from a 'workflow_run' workflow. This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch cache scope, and runner access. Fetching and executing a fork's code in that trusted context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' on the actions/checkout step.