Hi,
I am using SonarQube version 7.9.3 and I have a requirement where I have to scan JSON files in the source code. I need SonarQube to show me the JSON files which have a password hard-coded in them after the scan.
I was checking for a plugin in the marketplace but found none. Then I came across the below page which provides the plugin, but I see it is supported till version 6.7.
I am using Jenkins to build the job and run sonar-analysis using the sonar-scanner plugin in Jenkins.
There are no other JSON analyzers that I’m aware of. It looks like the 6.7-based plugin you found is looking for a maintainer, so this might be an opportunity to take it on.
I installed the same plugin in SonarQube version 7.9.3 and it is working fine. Also, it has a template rule, using which we can even create custom rules. I created a pattern to catch hard-coded passwords in JSON files; though it is not foolproof, it works.
Thanks @Cameron… I will think it over.
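
A standalone sketch of the kind of check discussed in this thread, added here as an example; it is not the plugin's template rule and not the pattern the poster wrote. It parses the JSON instead of pattern-matching raw text, so secret-looking words inside values or object names do not trigger it. The key-name heuristics, placeholder conventions and sample document are assumptions constructed for illustration.

```python
import json
import re

# Assumed key-name heuristics; tune for your code base.
SECRET_KEY = re.compile(r"pass(word|wd)?|pwd|secret|api[_-]?key|token", re.I)
# Values treated as references or placeholders, not literal secrets (assumed
# conventions): empty string, ${VAR}, $VAR, <placeholder>, ****.
PLACEHOLDER = re.compile(r"(|\$\{[^}]+\}|\$[A-Z_][A-Z0-9_]*|<[^>]+>|\*+)")


def find_hardcoded_secrets(text):
    """Return JSON paths whose key looks secret-bearing and whose value is a literal string."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}.{key}"
                if (isinstance(value, str) and SECRET_KEY.search(key)
                        and not PLACEHOLDER.fullmatch(value)):
                    findings.append(child)
                walk(value, child)  # descend into nested objects and arrays
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")

    walk(json.loads(text), "$")
    return findings


# Constructed sample input; none of these values are real credentials.
SAMPLE = """
{
  "db": {"user": "app", "password": "S3cr3t!Passw0rd"},
  "cache": {"password": "${CACHE_PASSWORD}"},
  "services": [
    {"name": "billing", "apiKey": "constructed-sample-key-123"},
    {"name": "mail", "smtp_pwd": ""}
  ],
  "passwordPolicy": {"minLength": 12},
  "note": "password: see vault"
}
"""

if __name__ == "__main__":
    for path in find_hardcoded_secrets(SAMPLE):
        print("possible hard-coded secret at", path)
```

A script like this can run as a build step before the scanner; a non-empty result is a reason to fail the job or open an issue.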