Hello, there is a YAML plugin available to scan YAML files in SonarQube (YAML Analyzer | SonarQube™ Plugins Index).
I understand that in SonarCloud there isn’t the ability to install third-party plugins, but are there any plans in SonarCloud to officially incorporate rules for scanning YAML files such as those in the plugin above?
While we’re grateful for the community YAML plugin – it’s mostly just making sure that YAML files are well-formatted. This is important, but not a priority (lots of developers already have a formatter like this running in their IDE).
We do analyze YAML files when they involve a supported language, like Kubernetes, and all files get analyzed for secrets.
That’s fair - thanks for the feedback.