Adding a new costume roles to check if the .env file is encrypted or not!

Must-share information (formatted with Markdown):

  • i am using sonarqube (docker image)
  • im trying to add new rule to my sonarqube to check if the enviroments files are encrypted if not its a penalty
  • im asking if this can be acheived or not…
    thank uu

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!
no logs

Hey there.

Are you thinking about the files themselves, or the contents of the files?

Hi Colin
actually i will care about the content of of the files and check if the content write on format like (x = xstring) this is a penalty

thank u

SonarQube will raise issues if it finds secrets stored in configuration files. So I suppose in a way, it would raise issues if it finds unencrypted values that match the secrets it wants to detect.

Otherwise, I think a rule that just raised issues on if values in the files are unencrypted would be quite noisy since not all configuration needs to be encrypted (just secrets).

actually the enviroment file it will be just one file and will be all encrypted not only a single value ( like using ansible-vault to encrypte the file)

I don’t think SonarQube will be able to help you here.

1 Like

okey thank u for your help