We are using the “Community Edition Version 8.9.6 (build 50800)” and need to check whether the developers are using a wrong URL to access some APIs. The language (C#, Java, Node.js) doesn’t matter for us.
We need to raise an alert for this in a quality gate after sonarscanner…
Could you send us a simple example or documentation for this?
As I’m talking about URLs, this rule must be valid for any language. For example:
If the scan finds the string “HTTPS://api-infra.”, SonarQube has to flag it in the analysis report.
As Ann said, we don’t currently have the possibility, out of the box, to configure a simple generic rule that will catch some strings in the code and raise an issue. We received similar requests in the past and maybe we will come to it one day.
Meanwhile, I have 2 suggestions:
1. Create a simple analyzer/plugin that will work on all the files indexed by SonarQube and “grep” your specific list of forbidden strings (or you could even do a PR on this repo to provide a generic template rule).
2. Write a simple tool outside of SonarQube that will “grep” your specific list of forbidden strings and generate a file compatible with the Generic Issue Import Format.
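
A sketch of the second suggestion, added here as an example and not taken from the thread or from SonarSource: a Python script that walks a source tree, looks for the forbidden string from the question, and writes a report in the Generic Issue Import Format. The engine and rule names, the report file name, the skipped directories, the severity and type, and the case-insensitive match are assumptions.

```python
import json
import os
import sys

# Forbidden substrings; "https://api-infra." is the string from the question.
FORBIDDEN = ["https://api-infra."]
ENGINE_ID = "forbidden-strings"            # hypothetical engine name
RULE_ID = "forbidden-url"                  # hypothetical rule name
REPORT = "forbidden-strings-report.json"   # hypothetical report file name
SKIP_DIRS = {".git", "node_modules", "bin", "obj", "target"}  # assumed build/VCS dirs

def scan_file(path, rel_path):
    """Return one issue per (line, forbidden string) hit in `path`."""
    issues = []
    # errors="replace" keeps binary or mis-encoded files from aborting the scan
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            lowered = line.lower()  # assumption: match regardless of case
            for needle in FORBIDDEN:
                if needle.lower() in lowered:
                    issues.append({
                        "engineId": ENGINE_ID,
                        "ruleId": RULE_ID,
                        "severity": "MAJOR",
                        "type": "CODE_SMELL",
                        "primaryLocation": {
                            "message": f"Forbidden URL '{needle}' found",
                            "filePath": rel_path,
                            "textRange": {"startLine": lineno},
                        },
                    })
    return issues

def scan_tree(root):
    """Walk `root` and build the report object ({"issues": [...]})."""
    issues = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        # Skip an earlier report so its own messages are not flagged
        for name in sorted(f for f in filenames if f != REPORT):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            issues.extend(scan_file(full, rel))
    return {"issues": issues}

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    with open(REPORT, "w", encoding="utf-8") as out:
        json.dump(scan_tree(root), out, indent=2)
```

Run it from the project root before the scanner and pass the report to the analysis with `sonar.externalIssuesReportPaths`.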