Hi Sonarcloud team,
We have a requirement to put some additional security checks in our CI/CD pipelines apart from what comes by default in SonarCloud. I would like to check if it's possible to create custom security hotspots to achieve this. If yes, could you share some details around that? If not, is there any other workaround to achieve it?
To put it in simple words, we are trying to ensure certain keywords/parameters do not exist in the code, and we want to detect and alert on them during git pull.
Appreciate your prompt reply.
Hello,
Sorry for the delay in getting back to you. There is no way as of now to provide your own checks on SonarCloud based on our analysis engines.
The only workaround I see is this one:
- you develop your own checks as you want: a Python script checking for the keywords/parameters you mentioned, for example
- you generate a file compatible with the Generic Issue Data format: https://sonarcloud.io/documentation/analysis/generic-issue/ (note: you can only import Bugs, Vulnerabilities or Code Smells with this feature)
Do you think your needs would be valuable for others? In that case, maybe you could detail which rules you want to implement and we will see if we can make them part of the default rules we provide.
Alex
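As an added example (not from this thread or from SonarSource), here is a minimal version of the script Alex describes: it scans source files for forbidden keywords and writes the matches in the Generic Issue Data format so the analysis can import them. The engine id, rule ids, keyword list and file patterns are assumed placeholders to be replaced with your own.

```python
import json
import re
import sys
from pathlib import Path

# Forbidden keywords/parameters, keyed by the rule id reported to SonarCloud.
# Constructed placeholders: replace with the terms you actually want to ban.
FORBIDDEN = {
    "FORBIDDEN-KEYWORD-1": "hardcoded_password",
    "FORBIDDEN-KEYWORD-2": "debug_mode=true",
}
ENGINE_ID = "custom-keyword-check"  # assumed engine name, shown in the UI


def scan_text(text, rel_path):
    """Return one Generic Issue Data issue per keyword occurrence in `text`."""
    issues = []
    for lineno, line in enumerate(text.splitlines(), start=1):  # lines are 1-based
        for rule_id, keyword in FORBIDDEN.items():
            for m in re.finditer(re.escape(keyword), line):
                issues.append({
                    "engineId": ENGINE_ID,
                    "ruleId": rule_id,
                    "severity": "MAJOR",
                    "type": "VULNERABILITY",  # BUG, VULNERABILITY or CODE_SMELL only
                    "primaryLocation": {
                        "message": f"Forbidden keyword '{keyword}' must not appear in the code",
                        "filePath": rel_path,  # relative to the project base directory
                        "textRange": {  # columns are 0-based
                            "startLine": lineno, "endLine": lineno,
                            "startColumn": m.start(), "endColumn": m.end(),
                        },
                    },
                })
    return issues


def build_report(base_dir, patterns=("*.py", "*.java", "*.js")):
    """Scan every file matching `patterns` under `base_dir` into one report dict."""
    base_dir = Path(base_dir)
    issues = []
    for pattern in patterns:
        for path in sorted(base_dir.rglob(pattern)):
            rel = path.relative_to(base_dir).as_posix()
            issues.extend(scan_text(path.read_text(errors="replace"), rel))
    return {"issues": issues}


if __name__ == "__main__":
    report = build_report(sys.argv[1] if len(sys.argv) > 1 else ".")
    Path("custom-issues.json").write_text(json.dumps(report, indent=2))
    sys.exit(1 if report["issues"] else 0)  # non-zero exit lets the pipeline alert
```

Point the scanner at the generated file with `sonar.externalIssuesReportPaths=custom-issues.json` so the issues appear alongside the built-in ones.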