We are happy to announce support for Kubernetes analysis and a first set of 6 rules to help developers write more secure containerized applications.
Here is the list of rules:
- S6431: Using host namespaces is security-sensitive
- S6430: Allowing process privilege escalation is security-sensitive
- S6429: Exposing Docker sockets is security-sensitive
- S5849: Setting capabilities is security-sensitive
- S6433: Mounting sensitive file system paths is security-sensitive
- S6428: Enabling privileged mode on containers is security-sensitive
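As an added illustration (not from the original announcement): a constructed Pod manifest that contains each of the settings the six rules flag, followed by a hardened version of the same Pod. The mapping from rule id to manifest field is my reading of the rule titles, not something the post states, and the image, names and paths are placeholders.

```yaml
# Added example (not from the original post): a constructed Pod manifest
# showing the settings the six rules concern, first as written (each
# setting commented with the rule it would raise), then hardened.
# The rule-id-to-field mapping is my reading of the rule titles.
apiVersion: v1
kind: Pod
metadata:
  name: risky-pod                       # constructed name
spec:
  hostPID: true                         # S6431: shares the host's PID namespace
  hostIPC: true                         # S6431: shares the host's IPC namespace
  hostNetwork: true                     # S6431: shares the host's network namespace
  containers:
    - name: app
      image: example.invalid/app:1.0    # placeholder image
      securityContext:
        privileged: true                # S6428: container gets access to host devices
        allowPrivilegeEscalation: true  # S6430: setuid binaries can gain privileges
        capabilities:
          add: ["SYS_ADMIN", "NET_ADMIN"]  # S5849: broad kernel capabilities granted
      volumeMounts:
        - name: docker-sock
          mountPath: /var/run/docker.sock
        - name: host-etc
          mountPath: /host/etc
  volumes:
    - name: docker-sock
      hostPath:
        path: /var/run/docker.sock      # S6429: control over the host's Docker daemon
    - name: host-etc
      hostPath:
        path: /etc                      # S6433: host configuration exposed to the pod
---
# Hardened form of the same Pod: no host namespaces, no privileged mode,
# escalation disabled, every capability dropped, no hostPath volumes.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-pod                    # constructed name
spec:
  containers:
    - name: app
      image: example.invalid/app:1.0    # placeholder image
      securityContext:
        runAsNonRoot: true
        privileged: false
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
        readOnlyRootFilesystem: true
      volumeMounts:
        - name: config
          mountPath: /config
          readOnly: true
  volumes:
    - name: config
      configMap:
        name: app-config                # constructed ConfigMap name
```

The hardened Pod drops all capabilities rather than only omitting the added ones, because a container still starts with a default capability set; configuration is delivered through a read-only ConfigMap mount instead of a hostPath, so nothing on the node's filesystem is reachable from the container.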
How to get this?
- For SonarCloud: it is already available and needs no activation; trigger a scan of a repository containing Kubernetes (K8S) manifests and the results appear in the Security Hotspots space.
- For SonarQube: it will be embedded in the upcoming version 9.6
Don’t hesitate to share your feedback about this first release supporting Kubernetes analysis.