I have SonarScanner for .NET version 6.2 connecting to SonarQube Enterprise Edition v10.6 (92116). I have a .NET project and today I enabled the Docker and Kubernetes profiles to scan my dockerfile and kubernetes yaml files, which sit side by side in the project folder. The scanner recognizes the dockerfile but I can’t force it to detect any of my yaml files. I tried with the yaml and yml extensions and also changed the root folder, because originally we have them in .k8s and I suspected that sonar may skip those folders. Every time, sonar does not detect any kubernetes file. I only have the info ‘'IaC Kubernetes Sensor' skipped because there is no related file in current project’, and the file “.sonarqube\out\sonar-project.properties” has no yaml files. How can I make sonar see those files?
Take a look at these docs.
I have read that before but it was not clear to me; today I think I understand it better. I have added all the yaml files to my dcproj and they are visible now, but I think they should be recognized as kubernetes (just like here), and currently I see this:
14:01:03.770 DEBUG: '.k8s\.template\base\netpolicy.yaml' indexed with language 'yaml'
14:01:06.222 DEBUG: '.k8s/.template/base/netpolicy.yaml' generated metadata with charset 'windows-1250'
14:01:06.222 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/base/netpolicy.yaml
Is this proper behavior?
I’d have to see .k8s/.template/base/netpolicy.yaml to determine how it should be classified!
There is a bunch of logic that contributes to this determination.
Hi @dominikjeske,
YAML files are used for multiple purposes, not just K8s. Every analyzer that supports an ecosystem that uses YAML files needs to identify whether the file should be analyzed. The log message you see is from the CloudFormation analyzer/sensor. Can you check your logs for the Kubernetes sensor?
Best,
The content of the netpolicy.yaml file is attached below, along with the whole log of the project with the yaml configs. Maybe I was looking at the wrong log location. If I’m interpreting this right, sonar first displays all detected files and then analyzes per project, and below I attached this second part. There are many yaml files and some of them are not kubernetes files, so I see ‘File without Kubernetes identifier’ and this is ok, but looking at the logs I’m not sure how netpolicy.yaml is categorized and whether the kubernetes scanner properly scanned and verified this file. Generally, it would be nice to see in the UI which analyzer checked a particular file.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ${Yaml_ComponentName}-networkpolicy
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: ${Yaml_ComponentName}-app${Yaml_NameSuffix_ComponentId}
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - port: app-port
      protocol: TCP
    - port: hc-port
      protocol: TCP
    - port: monmetrics-port
      protocol: TCP
    - port: appmetrics-port
      protocol: TCP
    - port: monitor-port
      protocol: TCP
```
14:01:06.128 INFO: ------------- Run sensors on module Sample.WebApi.Deployment
14:01:06.194 DEBUG: 'Import external issues report' skipped because one of the required properties is missing
14:01:06.195 DEBUG: 'Python Sensor' skipped because there is no related file in current project
14:01:06.195 DEBUG: 'Cobertura Sensor for Python coverage' skipped because there is no related file in current project
14:01:06.195 DEBUG: 'PythonXUnitSensor' skipped because there is no related file in current project
14:01:06.195 DEBUG: 'Import of Pylint issues' skipped because there is no related file in current project
14:01:06.195 DEBUG: 'Import of Bandit issues' skipped because there is no related file in current project
14:01:06.195 DEBUG: 'Import of Flake8 issues' skipped because there is no related file in current project
14:01:06.195 DEBUG: 'Import of Mypy issues' skipped because there is no related file in current project
14:01:06.195 DEBUG: 'Import of Ruff issues' skipped because there is no related file in current project
14:01:06.195 DEBUG: 'IaC Terraform Sensor' skipped because there is no related file in current project
14:01:06.196 DEBUG: 'JavaScript/TypeScript analysis' skipped because there is no related file in current project
14:01:06.196 DEBUG: 'JavaScript inside HTML analysis' skipped because there is no related file in current project
14:01:06.196 DEBUG: 'JavaScript/TypeScript Coverage' skipped because there is no related file in current project
14:01:06.196 DEBUG: 'Import of ESLint issues' skipped because one of the required properties is missing
14:01:06.196 DEBUG: 'Import of TSLint issues' skipped because one of the required properties is missing
14:01:06.196 DEBUG: 'CSS Metrics' skipped because there is no related file in current project
14:01:06.196 DEBUG: 'Import of stylelint issues' skipped because one of the required properties is missing
14:01:06.197 DEBUG: 'XML Sensor' skipped because there is no related file in current project
14:01:06.197 DEBUG: Sensors : JaCoCo XML Report Importer -> IaC CloudFormation Sensor -> IaC Kubernetes Sensor -> IaC AzureResourceManager Sensor -> Java Config Sensor -> JavaScript inside YAML analysis -> CSS Rules -> C# Project Type Information -> C# Analysis Log -> C# Properties -> IaC Docker Sensor -> Serverless configuration file sensor -> AWS SAM template file sensor -> AWS SAM Inline template file sensor
14:01:06.197 INFO: Sensor JaCoCo XML Report Importer [jacoco]
14:01:06.198 INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
14:01:06.199 INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
14:01:06.200 INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
14:01:06.200 INFO: Sensor IaC CloudFormation Sensor [iac]
14:01:06.204 DEBUG: '.k8s/.template/components/monitor-sidecar/kustomization.yaml' generated metadata with charset 'windows-1250'
14:01:06.206 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/components/monitor-sidecar/kustomization.yaml
14:01:06.207 DEBUG: '.k8s/.config/tokens/dev.yaml' generated metadata with charset 'windows-1250'
14:01:06.207 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/tokens/dev.yaml
14:01:06.208 DEBUG: '.k8s/.config/tokens/aks-dev-02.yaml' generated metadata with charset 'windows-1250'
14:01:06.208 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/tokens/aks-dev-02.yaml
14:01:06.209 DEBUG: '.k8s/.config/secrets/uat.yaml' generated metadata with charset 'windows-1250'
14:01:06.209 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/secrets/uat.yaml
14:01:06.210 DEBUG: '.k8s/.template/base/kustomization.yaml' generated metadata with charset 'windows-1250'
14:01:06.210 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/base/kustomization.yaml
14:01:06.210 DEBUG: '.k8s/.template/.env/patches/deployment-component-kerberos-sidecar.yaml' generated metadata with charset 'windows-1250'
14:01:06.210 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/.env/patches/deployment-component-kerberos-sidecar.yaml
14:01:06.210 DEBUG: '.k8s/.template/.env/ingress.yaml' generated metadata with charset 'windows-1250'
14:01:06.210 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/.env/ingress.yaml
14:01:06.212 DEBUG: '.k8s/.config/tokens/pprod.yaml' generated metadata with charset 'windows-1250'
14:01:06.212 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/tokens/pprod.yaml
14:01:06.212 DEBUG: '.k8s/.template/base/service-account.yaml' generated metadata with charset 'windows-1250'
14:01:06.212 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/base/service-account.yaml
14:01:06.213 DEBUG: '.k8s/.config/clusters.json' generated metadata with charset 'windows-1250'
14:01:06.213 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/clusters.json
14:01:06.213 DEBUG: '.k8s/.config/tokens/test.yaml' generated metadata with charset 'windows-1250'
14:01:06.213 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/tokens/test.yaml
14:01:06.214 DEBUG: '.k8s/.template/aks/ingress.yaml' generated metadata with charset 'windows-1250'
14:01:06.214 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/aks/ingress.yaml
14:01:06.214 DEBUG: '.k8s/.template/base/autoscaler.yaml' generated metadata with charset 'windows-1250'
14:01:06.214 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/base/autoscaler.yaml
14:01:06.216 DEBUG: '.k8s/.template/components/commonLabels/mk8s.yaml' generated metadata with charset 'windows-1250'
14:01:06.216 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/components/commonLabels/mk8s.yaml
14:01:06.216 DEBUG: '.k8s/.config/secrets/aks.yaml' generated metadata with charset 'windows-1250'
14:01:06.216 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/secrets/aks.yaml
14:01:06.217 DEBUG: '.k8s/.template/.env/persistent_volumes/test-volume-pv.yaml' generated metadata with charset 'windows-1250'
14:01:06.217 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/.env/persistent_volumes/test-volume-pv.yaml
14:01:06.218 DEBUG: '.k8s/.template/base/pod-disruption.yaml' generated metadata with charset 'windows-1250'
14:01:06.218 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/base/pod-disruption.yaml
14:01:06.219 DEBUG: '.k8s/.config/tokens/uat.yaml' generated metadata with charset 'windows-1250'
14:01:06.219 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/tokens/uat.yaml
14:01:06.221 DEBUG: '.k8s/.config/dotnet-monitor-appsettings.json' generated metadata with charset 'windows-1250'
14:01:06.221 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/dotnet-monitor-appsettings.json
14:01:06.222 DEBUG: '.k8s/.template/base/netpolicy.yaml' generated metadata with charset 'windows-1250'
14:01:06.222 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/base/netpolicy.yaml
14:01:06.223 DEBUG: '.k8s/.template/components/kerberos-sidecar/kustomization.yaml' generated metadata with charset 'windows-1250'
14:01:06.223 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/components/kerberos-sidecar/kustomization.yaml
14:01:06.224 DEBUG: '.k8s/.config/secrets/prod.yaml' generated metadata with charset 'windows-1250'
14:01:06.224 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/secrets/prod.yaml
14:01:06.226 DEBUG: '.k8s/.config/secrets/pprod.yaml' generated metadata with charset 'windows-1250'
14:01:06.226 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/secrets/pprod.yaml
14:01:06.227 DEBUG: '.k8s/.template/base/cert-manager.yaml' generated metadata with charset 'windows-1250'
14:01:06.227 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/base/cert-manager.yaml
14:01:06.228 DEBUG: '.k8s/.config/appsettings.Production.json' generated metadata with charset 'windows-1250'
14:01:06.228 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/appsettings.Production.json
14:01:06.229 DEBUG: '.k8s/.config/tokens/aks.yaml' generated metadata with charset 'windows-1250'
14:01:06.229 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/tokens/aks.yaml
14:01:06.230 DEBUG: '.k8s/.template/components/commonLabels/kustomization.yaml' generated metadata with charset 'windows-1250'
14:01:06.230 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/components/commonLabels/kustomization.yaml
14:01:06.231 DEBUG: '.k8s/.template/components/kerberos-sidecar/deployment.yaml' generated metadata with charset 'windows-1250'
14:01:06.231 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/components/kerberos-sidecar/deployment.yaml
14:01:06.232 DEBUG: '.k8s/.template/components/monitor-sidecar/deployment.yaml' generated metadata with charset 'windows-1250'
14:01:06.232 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/components/monitor-sidecar/deployment.yaml
14:01:06.233 DEBUG: '.k8s/.config/secrets/test.yaml' generated metadata with charset 'windows-1250'
14:01:06.233 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/secrets/test.yaml
14:01:06.234 DEBUG: '.k8s/.config/secrets/aks-dev-02.yaml' generated metadata with charset 'windows-1250'
14:01:06.234 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/secrets/aks-dev-02.yaml
14:01:06.235 DEBUG: '.k8s/.config/tokens/common.yaml' generated metadata with charset 'windows-1250'
14:01:06.235 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/tokens/common.yaml
14:01:06.236 DEBUG: '.k8s/.template/.env/namespace.yaml' generated metadata with charset 'UTF-8'
14:01:06.236 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/.env/namespace.yaml
14:01:06.237 DEBUG: '.k8s/.template/base/deployment.yaml' generated metadata with charset 'windows-1250'
14:01:06.237 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/base/deployment.yaml
14:01:06.238 DEBUG: '.k8s/.template/base/service.yaml' generated metadata with charset 'windows-1250'
14:01:06.238 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/base/service.yaml
14:01:06.239 DEBUG: '.k8s/.config/secrets/dev.yaml' generated metadata with charset 'windows-1250'
14:01:06.240 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/secrets/dev.yaml
14:01:06.241 DEBUG: '.k8s/.config/tokens/prod.yaml' generated metadata with charset 'windows-1250'
14:01:06.241 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.config/tokens/prod.yaml
14:01:06.242 DEBUG: '.k8s/.template/.env/kustomization.yaml' generated metadata with charset 'windows-1250'
14:01:06.242 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/.env/kustomization.yaml
14:01:06.243 INFO: 0 source files to be analyzed
14:01:06.243 INFO: 0/0 source files have been analyzed
14:01:06.243 INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=43ms
14:01:06.243 INFO: Sensor IaC Kubernetes Sensor [iac]
14:01:06.249 DEBUG: Checking conditions for enabling Helm analysis: isNotSonarLintContext=true, isHelmActivationFlagTrue=true, isHelmEvaluatorExecutableAvailable=true
14:01:06.250 DEBUG: Initializing Helm processor
14:01:06.337 DEBUG: File without Kubernetes identifier: .k8s/.template/components/monitor-sidecar/kustomization.yaml
14:01:06.338 DEBUG: File without Kubernetes identifier: .k8s/.config/tokens/dev.yaml
14:01:06.338 DEBUG: File without Kubernetes identifier: .k8s/.config/tokens/aks-dev-02.yaml
14:01:06.338 DEBUG: File without Kubernetes identifier: .k8s/.config/secrets/uat.yaml
14:01:06.338 DEBUG: File without Kubernetes identifier: .k8s/.template/base/kustomization.yaml
14:01:06.339 DEBUG: File without Kubernetes identifier: .k8s/.config/tokens/pprod.yaml
14:01:06.341 DEBUG: File without Kubernetes identifier: .k8s/.config/tokens/test.yaml
14:01:06.341 DEBUG: File without Kubernetes identifier: .k8s/.config/secrets/aks.yaml
14:01:06.342 DEBUG: File without Kubernetes identifier: .k8s/.config/tokens/uat.yaml
14:01:06.342 DEBUG: File without Kubernetes identifier: .k8s/.template/components/kerberos-sidecar/kustomization.yaml
14:01:06.342 DEBUG: File without Kubernetes identifier: .k8s/.config/secrets/prod.yaml
14:01:06.343 DEBUG: File without Kubernetes identifier: .k8s/.config/secrets/pprod.yaml
14:01:06.343 DEBUG: File without Kubernetes identifier: .k8s/.config/tokens/aks.yaml
14:01:06.343 DEBUG: File without Kubernetes identifier: .k8s/.template/components/commonLabels/kustomization.yaml
14:01:06.346 DEBUG: File without Kubernetes identifier: .k8s/.config/secrets/test.yaml
14:01:06.347 DEBUG: File without Kubernetes identifier: .k8s/.config/secrets/aks-dev-02.yaml
14:01:06.347 DEBUG: File without Kubernetes identifier: .k8s/.config/tokens/common.yaml
14:01:06.349 DEBUG: File without Kubernetes identifier: .k8s/.config/secrets/dev.yaml
14:01:06.349 DEBUG: File without Kubernetes identifier: .k8s/.config/tokens/prod.yaml
14:01:06.349 DEBUG: File without Kubernetes identifier: .k8s/.template/.env/kustomization.yaml
14:01:06.352 INFO: 15 source files to be analyzed
14:01:06.613 INFO: 15/15 source files have been analyzed
14:01:06.614 DEBUG: Kubernetes Parsing Statistics: Pure Kubernetes files count: 15, parsed: 15, not parsed: 0; Helm files count: 0, parsed: 0, not parsed: 0
14:01:06.614 INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=371ms
14:01:06.614 INFO: Sensor IaC AzureResourceManager Sensor [iac]
14:01:06.615 DEBUG: File without identifier 'https://schema.management.azure.com/schemas/': .k8s/.config/clusters.json
14:01:06.615 DEBUG: File without identifier 'https://schema.management.azure.com/schemas/': .k8s/.config/dotnet-monitor-appsettings.json
14:01:06.616 DEBUG: File without identifier 'https://schema.management.azure.com/schemas/': .k8s/.config/appsettings.Production.json
14:01:06.617 INFO: 0 source files to be analyzed
14:01:06.617 INFO: 0/0 source files have been analyzed
14:01:06.617 INFO: Sensor IaC AzureResourceManager Sensor [iac] (done) | time=3ms
14:01:06.617 INFO: Sensor Java Config Sensor [iac]
14:01:06.619 INFO: 0 source files to be analyzed
14:01:06.619 INFO: 0/0 source files have been analyzed
14:01:06.619 INFO: Sensor Java Config Sensor [iac] (done) | time=2ms
14:01:06.619 INFO: Sensor JavaScript inside YAML analysis [javascript]
14:01:06.672 INFO: No input files found for analysis
14:01:06.672 INFO: Hit the cache for 0 out of 0
14:01:06.673 INFO: Miss the cache for 0 out of 0
14:01:06.673 INFO: Sensor JavaScript inside YAML analysis [javascript] (done) | time=54ms
14:01:06.673 INFO: Sensor CSS Rules [javascript]
14:01:06.673 INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
14:01:06.673 INFO: Sensor CSS Rules [javascript] (done) | time=0ms
14:01:06.673 INFO: Sensor C# Project Type Information [csharp]
14:01:06.674 INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
14:01:06.674 INFO: Sensor C# Analysis Log [csharp]
14:01:06.674 DEBUG: Project 'DABI_SharkAreas_SampleWebApi:DABI_SharkAreas_SampleWebApi:878D976C-AA61-4CE8-9BBA-63D10BFB367A': Property missing: 'sonar.cs.analyzer.projectOutPaths'. No protobuf files will be loaded for this project.
14:01:06.674 INFO: Sensor C# Analysis Log [csharp] (done) | time=0ms
14:01:06.674 INFO: Sensor C# Properties [csharp]
14:01:06.674 DEBUG: Project 'DABI_SharkAreas_SampleWebApi:DABI_SharkAreas_SampleWebApi:878D976C-AA61-4CE8-9BBA-63D10BFB367A': Property missing: 'sonar.cs.analyzer.projectOutPaths'. No protobuf files will be loaded for this project.
14:01:06.674 DEBUG: Project 'DABI_SharkAreas_SampleWebApi:DABI_SharkAreas_SampleWebApi:878D976C-AA61-4CE8-9BBA-63D10BFB367A': No Roslyn issues reports have been found.
14:01:06.674 INFO: Sensor C# Properties [csharp] (done) | time=0ms
14:01:06.674 INFO: Sensor IaC Docker Sensor [iac]
14:01:06.675 INFO: 0 source files to be analyzed
14:01:06.681 INFO: 0/0 source files have been analyzed
14:01:06.681 INFO: Sensor IaC Docker Sensor [iac] (done) | time=7ms
14:01:06.681 INFO: Sensor Serverless configuration file sensor [security]
14:01:06.681 INFO: 0 Serverless function entries were found in the project
14:01:06.682 INFO: 0 Serverless function handlers were kept as entrypoints
14:01:06.682 INFO: Sensor Serverless configuration file sensor [security] (done) | time=1ms
14:01:06.682 INFO: Sensor AWS SAM template file sensor [security]
14:01:06.692 DEBUG: 0 SAM template configuration files were found in the project. 0 SAM function entries were found in total. 0 were kept as potential entrypoints.
14:01:06.692 INFO: Sensor AWS SAM template file sensor [security] (done) | time=10ms
14:01:06.692 INFO: Sensor AWS SAM Inline template file sensor [security]
14:01:06.700 DEBUG: 0 SAM Inline template configuration files were found in the project. 0 SAM Inline function entries were found in total. 0 were kept as potential entrypoints.
14:01:06.700 INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=8ms
Hi @dominikjeske,
Thank you for sharing the code and logs. There are variables in the Kubernetes file that are not Helm or K8s syntax. Can you clarify which build tools you are using for your K8s files? Currently, we just support YAML and Helm syntax for Helm Charts and K8s files. The analyzer ignores other files and will not show them in the results.
Best,
I suspected this behavior. We have our simple custom mechanism that replaces those variables before deployment to each environment. I thought that the scanner only checks the beginning of the file to identify it. So with this custom solution we can’t use this scanner?
The file looks like it uses valid YAML syntax, and the logs don’t show that the Kubernetes sensor skipped it. I would expect it to be part of the 15 analyzed Kubernetes files. Can you confirm that this file is not analyzed and shown in the UI?
Cheers,
The file is detected now and I can see it in the UI, but I don’t know if it was treated as kubernetes or simple yaml and what validation was done. This is why I suggested showing in the UI how the file was checked (name of the plugin and profile, for example).
A file is assigned to a language based on its extension. So, .yaml files will be assigned to the YAML language. However, other analyzers like Kubernetes and CloudFormation can pick up these files, parse them, and perform their checks on them.
I can see that the file is highlighted, which is a sign that it has been processed by the K8s analyzer. In your case, no issue is raised as no rule is violated. I hope this clarifies.
Cheers,
Ok thanks for clarification - it would be nice to be more explicit in UI but now I know better how it works
Thanks for your valuable feedback. We will consider it.
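The question raised in this thread, which files the Kubernetes sensor actually accepted, can be answered from the debug log itself. The following is an added example, not code from the posters or from SonarSource: it subtracts the paths logged as 'File without Kubernetes identifier' from the files indexed as YAML and compares the result with the sensor's own "source files to be analyzed" count. The log text is constructed in the format quoted above; the function names and the inference rule (indexed as YAML and not reported as skipped means analyzed) are assumptions.

```python
import re

# Constructed sample: a shortened debug log in the format quoted in the thread.
SAMPLE_LOG = r"""
14:01:03.770 DEBUG: '.k8s\.template\base\netpolicy.yaml' indexed with language 'yaml'
14:01:03.771 DEBUG: '.k8s\.template\base\deployment.yaml' indexed with language 'yaml'
14:01:03.772 DEBUG: '.k8s\.template\base\kustomization.yaml' indexed with language 'yaml'
14:01:03.773 DEBUG: '.k8s\.config\tokens\dev.yaml' indexed with language 'yaml'
14:01:06.200 INFO: Sensor IaC CloudFormation Sensor [iac]
14:01:06.222 DEBUG: File without identifier 'AWSTemplateFormatVersion': .k8s/.template/base/netpolicy.yaml
14:01:06.243 INFO: 0 source files to be analyzed
14:01:06.243 INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=43ms
14:01:06.243 INFO: Sensor IaC Kubernetes Sensor [iac]
14:01:06.338 DEBUG: File without Kubernetes identifier: .k8s/.template/base/kustomization.yaml
14:01:06.338 DEBUG: File without Kubernetes identifier: .k8s/.config/tokens/dev.yaml
14:01:06.352 INFO: 2 source files to be analyzed
14:01:06.614 INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=371ms
"""

INDEXED = re.compile(r"DEBUG: '(.+)' indexed with language 'yaml'$")
SENSOR_START = re.compile(r"INFO: Sensor (.+?) \[\w+\]$")
SKIPPED = re.compile(r"DEBUG: File without (?:Kubernetes identifier|identifier '[^']*'): (.+)$")
TO_ANALYZE = re.compile(r"INFO: (\d+) source files to be analyzed$")


def norm(path):
    # Indexing lines use Windows separators, sensor lines use forward slashes.
    return path.replace("\\", "/")


def parse_log(log_text):
    """Collect YAML-indexed files and, per sensor, skipped paths and reported count."""
    yaml_files, sensors, current = set(), {}, None
    for line in map(str.rstrip, log_text.splitlines()):
        if m := INDEXED.search(line):
            yaml_files.add(norm(m.group(1)))
        elif m := SENSOR_START.search(line):
            current = sensors.setdefault(m.group(1), {"skipped": set(), "reported": None})
        elif "(done)" in line:
            current = None  # lines after this belong to no sensor
        elif current is not None:
            if m := SKIPPED.search(line):
                current["skipped"].add(norm(m.group(1)))
            elif m := TO_ANALYZE.search(line):
                current["reported"] = int(m.group(1))
    return yaml_files, sensors


def kubernetes_coverage(log_text, sensor="IaC Kubernetes Sensor"):
    """Infer which YAML files the sensor accepted and cross-check its own count."""
    yaml_files, sensors = parse_log(log_text)
    info = sensors.get(sensor)
    if info is None:  # sensor was skipped entirely, so nothing was analyzed
        return {"analyzed": [], "skipped": sorted(yaml_files),
                "reported": None, "consistent": False}
    analyzed = sorted(yaml_files - info["skipped"])
    return {"analyzed": analyzed, "skipped": sorted(info["skipped"]),
            "reported": info["reported"],
            "consistent": info["reported"] == len(analyzed)}
```

A `consistent` value of `False` means the inferred list and the sensor's count disagree, for example when the indexing lines are missing from the captured log or Helm files are involved.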