Custom rules for IaC?

When will we have the ability to add custom rules for IAC scanning? Is it on the roadmap?

Hello @Jay_Thakkar,

I moved your topic in “Suggest new features > New features” category.

There is no plan so far to provide the ability to write custom rules for IaC.
Can you clarify what use cases would you like to cover with custom rules?


1 Like


Released a new version of the Sonarcube cloudformation plugin Release Release 3.0.0 · Hack23/sonar-cloudformation-plugin · GitHub , only support latest sonarqube 9.2 that added native support for cloudformation and terraform.

Adds 475 terraform(checkov) and 278 cloudformation(cfn-nag,checkov) rules to Sonarqube.

Demo Sonarqube quality profile(Cloudformation) SonarQube
Demo Sonarqube quality profile(Terraform) SonarQube
Demo Sonarqube quality terraform SonarQube
Demo Sonarqube quality cloudformation issues SonarQube

Would be nice to support cfn-nag/checkov rules as part of iac plugin so I don’t have to maintain above plugin.

Best regards