SonarCloud now supports Helm Chart scanning!

Hello,

We are thrilled to share a major update with you! SonarCloud has expanded its scanning capabilities to include Helm Chart files, adding to our existing support for Kubernetes.

You have nothing to do to benefit from this feature and scan your Helm Chart files. If you have a repository with Helm Chart, Kubernetes templates, and values.yaml, SonarCloud will know how to interpret that properly.

In addition, we added a couple of rules to make your K8S and Helm Chart files cleaner. In total it’s now 15 rules that apply to these technologies.

SonarQube users will get soon the same when upgrading to SonarQube 10.4.

Enjoy!
Alex

3 Likes

Hi Alexandre,

Thank you for the update!
I tried using this for my helm charts. Even though it was able to scan many files successfully, there were still some files for which “Template evaluation failed”. Looking at the debug logs, it seems like sonar is still not able to scan “sub-charts” that some charts are dependent on, because it wasn’t able to understand the variables from a sub-chart.
Please let me know how I can resolve this, and if this is already part of your current release of helm chart scan support.

Thanks,
Tejas

1 Like

Hi @Guillaume_Brunel ,

Can you create a new thread? Please include a few attachments to help us investigate:

  • Maven build logs with your build command
  • A sample file/folder that isn’t being detected or a small reproducer project/zip file that we can run to mimic the failure easily