How to scan JavaScript code in YAML files

Hi,

I am using SonarQube Community Edition version 9.0 and sonar-scanner-4.6.2, and I installed the sonar-yaml-plugin-1.5.2 for scanning YAML files.

However, my YAML files include JavaScript. How can I scan both the JavaScript and the YAML contents? Right now, I can only scan the YAML format.

Thank you!

Hey there.

GitHub - sbaudoin/sonar-yaml: SonarQube plugin to analyze YAML files is a community-supported plugin, not developed, maintained or supported by SonarSource.

I would suggest reaching out to the maintainer… and, even then, I don’t think you’re going to find any luck getting SonarQube’s JavaScript analyzer to analyze the embedded JavaScript. Your best bet will be to extract it somehow and then perform a regular analysis.

Can you talk a little more about why you have JavaScript code embedded in YAML? Is it for a specific tool, architecture, …? It will help us understand if it’s something we should support.
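One way to do the "extract it and then perform a regular analysis" step from the reply above, as an added example that is not part of the original thread or of either plugin. It assumes the JavaScript sits in YAML block scalars under a hypothetical key named `script`; the function names and the sample document are constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample; the key name "script" is an assumption, not from the thread.
SAMPLE_YAML = """\
paths:
  /orders:
    post:
      script: |
        function handle(req) {
          return req.body.items.length;
        }
  /health:
    script: |-
      function handle() { return "ok"; }
"""

# "key: |" or "key: >" plus optional chomping; indentation indicators ("|2") unsupported.
BLOCK_START = re.compile(r"^\s*(?:-\s+)?([\w-]+):\s*[|>][+-]?\s*$")

def indent_of(line):
    return len(line) - len(line.lstrip())

def extract_blocks(yaml_text, keys=("script",)):
    """Return [(first_yaml_line, js_source)] for block scalars under `keys`."""
    lines, blocks, i = yaml_text.splitlines(), [], 0
    while i < len(lines):
        m = BLOCK_START.match(lines[i])
        i += 1
        if not m or m.group(1) not in keys:
            continue
        start, body = i, []
        # Content lines are indented deeper than the key; blank lines belong to it.
        while i < len(lines) and (not lines[i].strip() or indent_of(lines[i]) > m.start(1)):
            body.append(lines[i])
            i += 1
        pad = min((indent_of(l) for l in body if l.strip()), default=0)
        js = "\n".join(l[pad:] for l in body).rstrip()
        if js:
            blocks.append((start + 1, js))
    return blocks

def write_for_scan(yaml_name, yaml_text, out_dir, keys=("script",)):
    """Write one .js per block, padded so JS line N is YAML line N."""
    out, written = Path(out_dir), []
    out.mkdir(parents=True, exist_ok=True)
    for start, js in extract_blocks(yaml_text, keys):
        written.append(out / f"{Path(yaml_name).stem}.L{start}.js")
        written[-1].write_text("\n" * (start - 1) + js + "\n", encoding="utf-8")
    return written
```

Adding the output directory to `sonar.sources` lets the regular JavaScript analysis pick the files up, and the blank-line padding keeps reported line numbers aligned with the original YAML.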

Thanks Colin,

Our OpenAPI system manages source code as YAML files that include JavaScript code for business processing, so it makes it easier to deliver between different environments (DEV, UAT, Production, …).

As you recommend, I will try to contact the maintainer.
Thank you!