Can Sonarqube scan Kubernetes manifest files?

Hi

Can Sonarqube scan Kubernetes manifest files?

Hello,

Yes, this is the feature provided when we are saying that Sonar can scan Kubernetes files.

Did you try? Did you face any bad behavior? Don’t hesitate to share so we can better understand your use case.

Thanks
Alex

Hello Alex,

My Sonarqube is 8.2-community only. Does this still cover the Kubernetes file scan?

Thanks,
Ericka

Hello,

You need to upgrade at minimum to SonarQube 9.9 LTS to get access to K8S scan.
The best is to upgrade to the upcoming SQ 10.2 (end of August) to get the best of our products.

Alex

I have tried to scan, and got PASSED status. But as checked, it didn’t scan the helm charts? So it only scan manifest files?

This is correct, Helm Chart support is in our roadmap.

1 Like