set sonar organization and project key

.github/workflows/build.yml

@@ -66,15 +66,6 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4    # https://github.com/marketplace/actions/checkout
 
-      # Cache NPM dependencies
-      - name: Install and Cache NPM dependencies
-        id: cache
-        uses: actions/cache@v3    # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions
-        with:
-          path: |
-            ~/.npm
-          key: npm-${{ hashFiles('package.json','**/package-lock.json') }}
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3    # https://github.com/marketplace/actions/docker-setup-build
 
@@ -170,7 +161,7 @@ jobs:
         uses: actions/cache@v3    # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions
         with:
           path: ${{ env.TRIVY_CACHE_DIR }}
-          key: trivy-${{ hashFiles('**/pom.xml', '**/Containerfile*') }}    # Trivy scan results are influenced by npm dependencies and Containerfile runtime image
+          key: trivy-${{ hashFiles('**/package-lock.json', '**/Containerfile*') }}    # Trivy scan results are influenced by npm dependencies and Containerfile runtime image
 
       - name: Scan Image with Aqua Security Trivy
         uses: aquasecurity/trivy-action@0.13.0    # https://github.com/marketplace/actions/aqua-security-trivy

.github/workflows/code-scan-sonarcloud.yml

@@ -50,19 +50,6 @@ jobs:
           # Disabling shallow clone is recommended for improving relevancy of reporting
           fetch-depth: 0
 
-      # Setup Java
-      - uses: actions/setup-java@v3    # https://github.com/actions/setup-java
-        with:
-          distribution: microsoft    # Microsoft was selected to match Visual Studio Code Dev Container Java distribuition, see .devcontainer/devcontainer.json. Supported distributions: https://github.com/actions/setup-java#supported-distributions
-          java-version: '17'    # Java version must match `project.properties['java.version']` in pom.xml
-
-      - name: Cache NPM dependencies
-        uses: actions/cache@v3    # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions
-        with:
-          path: |
-            ~/.npm
-          key: npm-${{ hashFiles('**/pom.xml') }}
-
       - name: Cache SonarCloud dependencies
         uses: actions/cache@v3    # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions
         with:
@@ -75,6 +62,11 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}    # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}    # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/
+        with:
+          projectBaseDir: src
+          args: >
+            -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }}
+            -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }}
 
       # In case you need to override default settings
       # - name: Analyze with SonarCloud