Please provide example of using iac analyzer

SonarQube Server / Community Build
1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Setting up 9.2.1-developer upgrade
  • what are you trying to achieve
    We have extensive Terraform infrastructure in use, and wish to make use of new analyzers. Where can we see example of usage?
  • what have you tried so far to achieve this
1 Like
2

Hi Mark,

There is nothing to set up except a normal analysis with sonar-scanner. Our analyzer searches for .tf files, analyzes them, and shows the results as for any other code.

Please let me know if you need help with a specific step.

2 Likes
3

Ran a test over our repository, and determined that we would need to setup a series of analyses, since the repository contains a hierarchy of over 10 accounts, each of which describes from one to several dozen to over 100 different service configurations. This should be an interesting challenge.

1 Like
4

Hi @Jaff,

Sure! We’re really looking forward to having your feedback on Terraform Scans, it will be one of the first for us :grinning:

Loris

5

thanks for the awesome information.

6

Can you please explain steps to scan Cloudformation .yaml/json template scan? will sonar-scanner work as you said for .tf too?

7

Hi Mohammad and welcome! Yes, just run sonar-scanner normally. There is nothing to configure for Cloudformation either, we simply scan the yaml/json files and look for the Cloudformation header.

8

Great, Thank you Hendrik

1 Like
9

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.