Hi there, dear Cloud Native developers,
We are very excited to announce we have just published the first version of our support for the Ansible IaC language on SonarQube-Cloud.
This will allow you to scan your YAML-based Ansible files. It offers 17 rules covering security issues in Ansible itself, Docker, and Kubernetes deployments, as well as maintainability issues.
You can also use the sonar.ansible.ansible-lint.reportPaths analysis property to provide the output of ansible-lint (Json/Sarif format) to the analysis to import the issues raised by this tool.
This is available starting today on SonarQube Cloud (all plans) and will be available in SonarQube Server 10.8 (Developer Edition and above).
The documentation will be updated shortly.
Please note that, in SonarQube Server 10.8, you will need to remove the existing community plugin from your instance if you were using it and adapt your pipelines to manually run ansible-lint and provide the output to the new plugin.
Do not hesitate to give your feedback, it is a gift!
Denis