Need to analyse JSON file with SonarQube

Hi,
I am using SonarQube version 7.9.3 and I have a requirement where I have to scan JSON files in the source code. I need SonarQube to show me the JSON files which have passwords hard-coded in them after the scan.
I was checking for a plugin in the Marketplace but found none. Then I came across the page below, which provides the plugin, but I see it is supported up to version 6.7.

I am using Jenkins to build the job and run the Sonar analysis using the sonar-scanner plugin in Jenkins.

Is there any way to do it?

Appreciate your help!

Thanks!

Hi @Utkarsh_Singh,

There are no other JSON analyzers that I’m aware of. It looks like the 6.7-based plugin you found is looking for a maintainer so this might be an opportunity to take it on :smiley:

Regards,

Cameron.

I installed the same plugin in SonarQube version 7.9.3 and it is working fine. It also has a template rule, using which we can even create custom rules. I created a pattern to catch hard-coded passwords in JSON files; it is not foolproof, but it works.
Thanks @Cameron … I will think it over.
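A structure-aware check for hard-coded passwords in JSON, added here as an example; it is not the plugin's rule or the pattern from the post above. It parses the file instead of matching raw text, so nested keys are reported by path and values that only reference a variable are skipped. The key-name list, the placeholder forms and the sample document are assumptions constructed for illustration.

```python
import json
import re

# Assumed key-name heuristic; extend it to match your own naming conventions.
SECRET_KEY = re.compile(r"password|passwd|passphrase|pwd|secret|api[_-]?key|token", re.I)
# Values that defer to a variable (${VAR}, {{ var }}, %VAR%), angle-bracket
# placeholders, masks (****) and empty strings are not hard-coded literals.
PLACEHOLDER = re.compile(r"\$\{[^}]+\}|\{\{[^}]+\}\}|%\w+%|<[^>]+>|\*+|")

# Constructed sample input, not taken from any real project.
SAMPLE = """
{
  "db": {"user": "app", "password": "S3cr3t!-constructed", "port": 5432},
  "smtp": {"password": "${SMTP_PASSWORD}"},
  "services": [
    {"name": "billing", "api_key": "constructed-key-123"},
    {"name": "search", "apiKey": ""}
  ],
  "password_min_length": 12
}
"""


def find_hardcoded_secrets(text):
    """Return JSON paths whose key looks secret-bearing and whose value is a literal string."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}.{key}"
                # Only string literals count; numbers such as a minimum length do not.
                if (isinstance(value, str) and SECRET_KEY.search(key)
                        and not PLACEHOLDER.fullmatch(value.strip())):
                    findings.append(child)  # report the location, never the value
                walk(value, child)
        elif isinstance(node, list):
            for index, item in enumerate(node):
                walk(item, f"{path}[{index}]")

    walk(json.loads(text), "$")
    return findings


if __name__ == "__main__":
    for location in find_hardcoded_secrets(SAMPLE):
        print("possible hard-coded secret at", location)
```

In a Jenkins job a script like this can run as a separate step before the Sonar analysis and fail the build when the returned list is non-empty.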
