SC-48984 Add correct project key to fix SCA check

[aleksandra-bozhinoska-sonarsource]

Please be aware that we are not actively looking for feature contributions. The truth is that it's extremely difficult for someone outside SonarSource to comply with our roadmap and expectations. Therefore, we typically only accept minor cosmetic changes and typo fixes. If you would like to see a new feature, please create a new thread in the forum "Suggest new features".

With that in mind, if you would like to submit a code contribution, make sure that you adhere to the following guidelines and all tests are passing:

• Please explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make
• Use the following formatting style: SonarSource/sonar-developer-toolset
• Provide a unit test for any code you changed
• If there is a JIRA ticket available, please make your commits and pull request start with the ticket ID (SCANJLIB-XXXX)

We will try to give you feedback on your contribution as quickly as possible.

Thank You!
The SonarSource Team

[hashicorp-vault-sonar-prod]

SC-48984

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[sonar-review-alpha]

Summary

This PR adds a new .github/repo-metadata.yaml configuration file to enable and configure SCA (Software Composition Analysis) checks for the repository. The file specifies the Maven project key org.sonarsource.scanner.lib:sonar-scanner-java-library-parent that the SCA system uses to identify this project.

What reviewers should know

What to review:

• The project key matches the actual Maven artifact published by this repository (verify against pom.xml or build output if unsure)
• This is a configuration-only change with no code modifications

Context:

• This is a low-risk addition—SonarSource uses this metadata file to track and validate SCA checks across their repositories
• The file is part of the standard repository setup and follows SonarSource conventions

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

LGTM! ✅

Clean, minimal change. The project key in the new file (org.sonarsource.scanner.lib:sonar-scanner-java-library-parent) exactly matches the groupId and artifactId declared in the root pom.xml, so the configuration is correct.

🗣️ Give feedback