How to get cloudformation and kubernetes yaml files analysed in Azure DevOps pipeline?

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  • how is SonarQube deployed: zip, Docker, Helm
  • what are you trying to achieve
    Get cloudformation and kubernetes yaml files analysed together with my C# (.net 6) solution in Azure DevOps Build Pipeline.
  • what have you tried so far to achieve this
    The build pipeline in Azure Devops was setup following the instrucions provided in the Sonarqube wizard ans is working fine for the C#/.net6 solution analysis, but in the same repository I also have a “/cloudformation” directory and a “/k8s” directory which contains cloudformation template and kubernetes manifests, respectively. The files in these folders are ignored by the sonar scanner.

I have tried to switch the task SonarQubePrepare@5 to use the mode CLI instead of MSBuild, then it can analyse the cloudformation files but can`t analyse the C# ones! So I guess I really need the scanner to be using the MSBuild mode.

Is this doable? Do I need to reference the cloudformation and kubernetes yaml files in the solution somehow??

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

Hey there.

You will need to include your IaC files in your dotnet sonarscanner scan. Check the documentation on SonarScanner for .NET > Analyzing languages other than C# and VB

:warning: Make sure you upgrade to SonarQube v9.9 LTS soon, not only to benefit from our Best LTS Ever™, but because soon we will systematically ask users to upgrade when they ask questions about earlier versions of SonarQube, which are now considered unsupported. :smiley: