Skip rule on specific values

Hello Community,

I’ve got a use case where unit tests (especially for Infrastructure as Code) often use values that are recognized as security issues, like fake access keys / secret keys or fake IP addresses.

Is it possible to configure sonar scanner to skip the rule if those values match a specific exclusion list?
Does anybody have the same use case?

Thanks

Hi,

Security rules shouldn’t be running on unit tests. I think what needs to happen here is getting analysis to stop identifying those files as source files and start recognizing them as test files.

This will involve adjusting your values for sonar.sources and (possibly) sonar.tests. It should be enough to exclude your test files from sonar.sources and have them completely ignored by analysis. I don’t think we do much for IaC tests, so it’s gravy if you get them properly identified as tests. Either way, the docs should help.

 
Ann
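
An added example, not part of either post above: a sonar-project.properties sketch of the scoping change the reply describes. The directory and file patterns (`**/tests/**`, `**/*_test.go`, `**/*.tftest.hcl`) are assumptions about the repository layout and need adjusting to match the real one.

```properties
# sonar-project.properties (constructed example; patterns are assumptions)

# Before: everything under the project root is indexed as main source,
# so fake keys and IP addresses in test fixtures are analyzed like
# production code.
# sonar.sources=.

# Option 1: keep the broad source root, but exclude test files so the
# analysis ignores them completely.
sonar.sources=.
sonar.exclusions=**/tests/**,**/*_test.go,**/*.tftest.hcl

# Option 2 (in addition to option 1): index the same files as test code.
# The exclusions above keep each file from being indexed as both source
# and test, which the scanner rejects.
sonar.tests=.
sonar.test.inclusions=**/tests/**,**/*_test.go,**/*.tftest.hcl
```

With only option 1 the test files drop out of the analysis entirely; adding option 2 makes them show up as test code instead.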