Can Sonarqube scan Kubernetes manifest files?

kangsumang · August 7, 2023, 7:59am

Hi

Alexandre_Gigleux · August 7, 2023, 12:57pm

Hello,

Yes, this is the feature provided when we are saying that Sonar can scan Kubernetes files.

Did you try? Did you face any bad behavior? Don’t hesitate to share so we can better understand your use case.

Thanks
Alex

kangsumang · August 8, 2023, 3:48am

Hello Alex,

My Sonarqube is 8.2-community only. Does this still cover the Kubernetes file scan?

Thanks,
Ericka

Alexandre_Gigleux · August 8, 2023, 8:03am

Hello,

You need to upgrade at minimum to SonarQube 9.9 LTS to get access to K8S scan.
The best is to upgrade to the upcoming SQ 10.2 (end of August) to get the best of our products.

Alex

kangsumang · August 10, 2023, 3:43am

I have tried to scan, and got PASSED status. But as checked, it didn’t scan the helm charts? So it only scan manifest files?

Alexandre_Gigleux · August 10, 2023, 6:33am

This is correct, Helm Chart support is in our roadmap.