Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

We are using Community Edition Version 8.6 (build 39681).

- what are you trying to achieve

We are trying to scan the YAML file for vulnerabilities. As of now we are mainly focusing on 2 types of vulnerability:

1) Indentation: when we have any issue in the indentation, it should scan and throw the error.
2) Also, in the scan it should find out some security vulnerabilities.

- what have you tried so far to achieve this

Searching on the Internet, we found one document:

SonarCloud can scan Terraform and CloudFormation files + cfn-lint support

According to this document we have upgraded our SonarQube to 9.2 and did some tests on different scenarios. We are able to successfully find the vulnerability for all. But in one scenario, when we are passing the `*` sign in the `template.yaml` file under the resource tag, it is not able to detect that.

According to our need, it should throw a warning or error message, as it can be a code vulnerability scan.
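
The two checks the post asks for, as an added example that is not part of the original post and is not SonarQube's rule implementation: a line-based pre-scan that flags tab indentation and a bare `*` under a `Resource` key. It assumes a CloudFormation-style `template.yaml` in which `Resource` is the policy statement key; the sample template, the function names and the rule names are constructed for illustration.

```python
import re

SAMPLE = """\
Resources:
  AppPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: s3:GetObject
            Resource: "*"
          - Effect: Allow
            Action: s3:PutObject
            Resource:
              - '*'
\t  BadIndent: true
"""  # constructed sample template.yaml, not taken from the post

KEY = re.compile(r"^\s*(?:-\s+)?Resource\s*:\s*(.*)$")  # "Resource:" key, optionally inside "- "
ITEM = re.compile(r"^(\s*)-\s+(.*)$")                    # "- value" block-list entry

def _clean(value):  # drop a trailing YAML comment and surrounding whitespace
    return re.sub(r"(^|\s)#.*$", "", value).strip()

def _has_star(value):  # scalar or inline [a, b] list containing a bare "*" entry
    return any(p.strip().strip("'\"") == "*" for p in _clean(value).strip("[]").split(","))

def scan(text):  # returns (line_number, rule) pairs; rule names are hypothetical
    findings, list_col = [], None
    for no, line in enumerate(text.splitlines(), 1):
        body = line.lstrip()
        if not body or body.startswith("#"):
            continue
        if "\t" in line[: len(line) - len(body)]:  # YAML forbids tabs for indentation
            findings.append((no, "tab-indent"))
            list_col = None
            continue
        item = ITEM.match(line)
        if list_col is not None and item and len(item.group(1)) >= list_col:
            if _has_star(item.group(2)):           # entry of a block list under Resource:
                findings.append((no, "wildcard-resource"))
            continue
        list_col = None
        key = KEY.match(line)
        if key and _has_star(key.group(1)):
            findings.append((no, "wildcard-resource"))
        elif key and not _clean(key.group(1)):
            list_col = line.index("Resource")      # value continues as a block list
    return findings
```

An ARN that merely ends in `/*` is not reported; only a value that is exactly `*` is.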