Infrastructure as Code Analysis

(Jose Alvarez) #1

Does Sonarqube support scanning infrastructure as code for vulnerabilities?

(G Ann Campbell) #2

Hi jose,

SonarSource doesn’t offer any analyzers for this, and I’m not aware of any 3rd-party ones either.


(Jose Alvarez) #3

thanks for the quick response…Ann!

(Xavier Bourguignon) #4

Hi Jose,

The only 3rd-party plugin I know is for puppet:

(Jose Alvarez) #5

Thanks for the info…Xavier!