Infrastructure as Code Analysis

Jose_Alvarez · August 29, 2018, 4:11pm

Does Sonarqube support scanning infrastructure as code for vulnerabilities?
thx
jose

ganncamp · August 29, 2018, 4:21pm

Hi jose,

SonarSource doesn’t offer any analyzers for this, and I’m not aware of any 3rd-party ones either.

Ann

Jose_Alvarez · August 29, 2018, 4:26pm

thanks for the quick response…Ann!

xbourguignon · August 29, 2018, 4:27pm

Hi Jose,

The only 3rd-party plugin I know is for puppet: https://github.com/iwarapter/sonar-puppet

Jose_Alvarez · August 29, 2018, 5:31pm

Thanks for the info…Xavier!

Bharat_Vyas1 · May 13, 2020, 11:46am

Is it still the same, do we have any features now ?

ganncamp · May 13, 2020, 1:41pm

It seems to still be the case.

Ann