NHSDigital · anthony-nhs · Jan 28, 2026 · Jan 27, 2026 · Jan 27, 2026 · Jan 27, 2026
diff --git a/.gitallowed b/.gitallowed
@@ -5,3 +5,4 @@ password: \${{ secrets\.GITHUB_TOKEN }}
 def __init__\(self, token: str, owner: str, repo: str.*
 self\.token = token
 token = os\.environ\.get\(\"GH_TOKEN\"\)
+\-Dsonar\.token=\"\$SONAR_TOKEN\"
diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
@@ -328,7 +328,14 @@ jobs:
 
       - name: Run SonarQube analysis
         if: ${{ steps.check_languages.outputs.uses_java == 'true' && env.SONAR_TOKEN_EXISTS == 'true' }}
-        run: mvn sonar:sonar -Dsonar.login=${{ secrets.SONAR_TOKEN }}
+        run: |
+          # issues with sonar scanner and sslcontext-kickstart 9.1.0, forcing re-download
+          rm -rf ~/.m2/repository/io/github/hakky54/sslcontext-kickstart/9.1.0
+          mvn dependency:get -U -Dartifact=io.github.hakky54:sslcontext-kickstart:9.1.0
+          # run sonar scan
+          mvn sonar:sonar -Dsonar.token="$SONAR_TOKEN"
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
       - name: SonarCloud Scan
         uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9