Infrastructure as Code Analysis


(Jose Alvarez) #1

Does Sonarqube support scanning infrastructure as code for vulnerabilities?
thx
jose


(G Ann Campbell) #2

Hi jose,

SonarSource doesn’t offer any analyzers for this, and I’m not aware of any 3rd-party ones either.

Ann


(Jose Alvarez) #3

thanks for the quick response…Ann!


(Xavier Bourguignon) #4

Hi Jose,

The only 3rd-party plugin I know is for puppet: https://github.com/iwarapter/sonar-puppet


(Jose Alvarez) #5

Thanks for the info…Xavier!