From c8540372c934b6a7fa55e77d0f42a290d85ee83f Mon Sep 17 00:00:00 2001
From: OneMerguezMan <156898956+OneMerguezMan@users.noreply.github.com>
Date: Fri, 26 Sep 2025 10:43:11 +0200
Subject: [PATCH 1/8] Add GitHub Actions workflow for SonarQube scan
---
.github/workflows/build.yml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 .github/workflows/build.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000000..5e3b887a1c
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,19 @@
+name: Build
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ types: [opened, synchronize, reopened]
+jobs:
+ sonarqube:
+ name: SonarQube
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ - name: SonarQube Scan
+ uses: SonarSource/sonarqube-scan-action@v6
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
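Review bot: The third-party actions at L27 and L31 are referenced by mutable tags (`actions/checkout@v4`, `SonarSource/sonarqube-scan-action@v6`), so a re-pointed or compromised tag would run with this job's `GITHUB_TOKEN` and with `SONAR_TOKEN`; pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The workflow also declares no `permissions:` block, so the job token inherits the repository default; a top-level `permissions:` with `contents: read` is enough for a checkout-and-scan job and can be widened only if a step turns out to need more. The same two points apply to the `actions/setup-java@v4` and `actions/cache@v4` steps added in patch 6 (L149, L154, L160).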
From b004b7a50250dedd2e72a3931448e04af547bed0 Mon Sep 17 00:00:00 2001
From: OneMerguezMan <156898956+OneMerguezMan@users.noreply.github.com>
Date: Fri, 26 Sep 2025 10:43:50 +0200
Subject: [PATCH 2/8] Add sonar-project.properties configuration file
---
sonar-project.properties | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 sonar-project.properties
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000000..4fd2619a6c
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,14 @@
+sonar.projectKey=OneMerguezMan_BenchmarkJava
+sonar.organization=onemerguezman
+
+
+# This is the name and version displayed in the SonarCloud UI.
+#sonar.projectName=BenchmarkJava
+#sonar.projectVersion=1.0
+
+
+# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
+#sonar.sources=.
+
+# Encoding of the source code. Default is default system encoding
+#sonar.sourceEncoding=UTF-8
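Review bot: This file sets `sonar.projectKey` and `sonar.organization`, but from patch 6 onward the scan runs through the Maven plugin (L168), which as far as I know takes its settings from the POM and `-D` properties rather than from `sonar-project.properties`, so these two values stop being consumed while the same key is repeated on the command line and the organization is added to pom.xml (L214). Keep a single source of truth: either drop this file once the action-based step is removed, or move both values into the POM `<properties>` block and drop the `-Dsonar.projectKey` flag. The doubled blank lines at L50-L51 and L55-L56 and the commented-out template keys at L53-L61 can go as well.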
From 67fa5b5c4eacf7f3811bdc6d3ec56694bf10495d Mon Sep 17 00:00:00 2001
From: OneMerguezMan <156898956+OneMerguezMan@users.noreply.github.com>
Date: Fri, 26 Sep 2025 10:47:14 +0200
Subject: [PATCH 3/8] Update build.yml
---
.github/workflows/build.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5e3b887a1c..46849d93d7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,4 +16,4 @@ jobs:
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v6
env:
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_TOKEN: mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.token=myAuthenticationToken
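Review bot: The new value at L78 assigns a whole `mvn` command line to the `SONAR_TOKEN` environment variable, including a literal `-Dsonar.token=myAuthenticationToken`, so the scan step would receive that string as its token and never read the secret. Patch 4 (L90-L95) reverts the line to `${{ secrets.SONAR_TOKEN }}`, but both commits still land in history; squash patches 3 and 4 together (or drop both) so the token-looking literal never appears in the repository log. In case a real token was ever substituted for the placeholder while testing locally, it should be rotated.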
From f7b5630616f421771b990f1f457e27d8d5e9ef85 Mon Sep 17 00:00:00 2001
From: OneMerguezMan <156898956+OneMerguezMan@users.noreply.github.com>
Date: Fri, 26 Sep 2025 10:49:18 +0200
Subject: [PATCH 4/8] Use secret for SonarQube token in build.yml
---
.github/workflows/build.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 46849d93d7..5e3b887a1c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,4 +16,4 @@ jobs:
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v6
env:
- SONAR_TOKEN: mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.token=myAuthenticationToken
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
From 656fce42d6014b2e30a31a8660c2b168c12341b1 Mon Sep 17 00:00:00 2001
From: OneMerguezMan <156898956+OneMerguezMan@users.noreply.github.com>
Date: Fri, 26 Sep 2025 10:50:41 +0200
Subject: [PATCH 5/8] Add Sonar organization to pom.xml
Add Sonar organization property for analysis.
---
pom.xml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/pom.xml b/pom.xml
index 7913294488..b31dad090f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -9,6 +9,10 @@
OWASP Benchmark is a Java test suite designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools.
https://github.com/OWASP-Benchmark/BenchmarkJava
+
+ onemerguezman
+
+
davewichers
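Review bot: The `onemerguezman` organization value is inserted here between the project URL and the developers list (L111-L114), then removed and re-added in patch 7 (L183-L193) and moved once more in patch 8 (L208-L214). The XML tags were stripped in this rendering so the element cannot be confirmed, but only the final placement next to the encoding values at L214 looks like the `<properties>` block where the Sonar Maven plugin would read a `sonar.organization` property; the two earlier locations are not where Maven looks for it. Squash patches 5, 7 and 8 into one commit that adds the property once, in that block, and give it a message naming the property instead of the generic "Update pom.xml" at L197.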
From aecc47f458dbab2f287bd3406b186c2157e8bf00 Mon Sep 17 00:00:00 2001
From: OneMerguezMan <156898956+OneMerguezMan@users.noreply.github.com>
Date: Fri, 26 Sep 2025 10:51:10 +0200
Subject: [PATCH 6/8] Update build.yml
---
.github/workflows/build.yml | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5e3b887a1c..d0bab8bcb8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: Build
+name: SonarQube
on:
push:
branches:
@@ -6,14 +6,31 @@ on:
pull_request:
types: [opened, synchronize, reopened]
jobs:
- sonarqube:
- name: SonarQube
+ build:
+ name: Build and analyze
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- - name: SonarQube Scan
- uses: SonarSource/sonarqube-scan-action@v6
+ - name: Set up JDK 17
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: 'zulu' # Alternative distribution options are available.
+ - name: Cache SonarQube packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+ - name: Cache Maven packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2
+ - name: Build and analyze
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=OneMerguezMan_BenchmarkJava
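Review bot: The scan step at L165-L168 runs on `pull_request` events (L134) but depends on `secrets.SONAR_TOKEN`, which GitHub does not expose to workflows triggered from forked repositories, so a fork PR would most likely fail at the Maven goal with an authentication error rather than skip; gate the step with `if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository`, or state in a comment that fork PRs are expected to fail here. The project key is hard-coded in the `run:` line at L168 as the author's personal fork (`OneMerguezMan_BenchmarkJava`) while the organization is kept in pom.xml (L214); the key belongs beside it in the POM `<properties>` rather than in the workflow, so the two cannot drift apart. `java-version: 17` at L151 is a bare integer; quote it as `java-version: '17'`, matching the quoted `'zulu'` distribution on the next line, so the value stays a string under any YAML loader.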
From d7de8a80822e890d3cb26b489161aee68986a634 Mon Sep 17 00:00:00 2001
From: OneMerguezMan <156898956+OneMerguezMan@users.noreply.github.com>
Date: Fri, 26 Sep 2025 10:56:21 +0200
Subject: [PATCH 7/8] Move sonar.organization property to organization section
---
pom.xml | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index b31dad090f..53209d14f0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -9,10 +9,6 @@
OWASP Benchmark is a Java test suite designed to evaluate the accuracy, coverage, and speed of automated software vulnerability detection tools.
https://github.com/OWASP-Benchmark/BenchmarkJava
-
- onemerguezman
-
-
davewichers
@@ -24,6 +20,9 @@
OWASP Foundation
https://owasp.org/
+
+ onemerguezman
+
From 195cdafce85b5353e67079645c263038a1271616 Mon Sep 17 00:00:00 2001
From: OneMerguezMan <156898956+OneMerguezMan@users.noreply.github.com>
Date: Fri, 26 Sep 2025 11:11:18 +0200
Subject: [PATCH 8/8] Update pom.xml
---
pom.xml | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 53209d14f0..8a36b647e3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,9 +20,6 @@
OWASP Foundation
https://owasp.org/
-
- onemerguezman
-
@@ -1230,6 +1227,7 @@
false
8
+ onemerguezman
UTF-8
UTF-8
${basedir}/src/config/web.xml