[SonarQube 9.9 LTS] Kubernetes Sensor ignoring file errors

  • Which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube version: 9.9 LTS
    Scanner: 4.8.0.2856

  • How is SonarQube deployed: zip, Docker, Helm
    Installed via zip file in a VM

  • What are you trying to achieve
    Be able to find errors in Kubernetes manifest files using the Kubernetes parsing failure rule.

  • What have you tried so far to achieve this
    I’ve used this simple YAML file to test the accuracy of this Kubernetes rule, but it passed. I don’t know why, since it has some flaws, like repeated map keys and the absence of the required “containers” field.

So I just want to know how the Kubernetes parsing works in SonarQube, because I thought that it would be the same as the kubeval or yamllint tools.

deploy.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  label:
    app: deploy1
  name: deploy1
spec:
  replicas: 1
  selector:
    matchLabels:
      run: deploy1
  strategy: {}
  template:
    spec:
    spec:
      container:
      - images: nginx
        name: container-1
        ports:
        - containerPort: 80

Best regards.

Hi @Davi_Araujo_Caetano,

Sorry for the late response.
The parsing failure rule is not in the default profile. Have you activated the rule in addition?

Best,
Nils

Hi @Nils_Werner

Yes, I’ve activated this rule by creating another profile for this specific language (Kubernetes).

As you can see, all seven rules are enabled, including the parsing rule.

The Kubernetes YAML is identified by SonarQube, but no errors are showing.

Hi @Davi_Araujo_Caetano,

Thanks for the confirmation. And thanks for the second screenshot. It shows syntax highlighting, which means that our parser is identifying, parsing, highlighting and analysing the file correctly. In fact, there is no parsing error in your file, just a semantic error in the YAML, which we don’t catch with the parsing failure rule.

With our rules we focus on security-related hotspots in Kubernetes files.

Best,
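
The following added example (not part of the thread and not SonarQube's analyzer) runs the two checks the question expected, duplicate map keys and the missing `containers` field, over the posted deploy.yaml, which is the kind of semantic validation the last reply says the parsing failure rule does not perform. It assumes block-style YAML only (no flow collections, quoted keys or multi-line scalars); `check`, `REQUIRED` and `KEY` are names made up for it, and `REQUIRED` is a hand-picked subset of the fields a Deployment must carry.

```python
import re
# Constructed sample: the deploy.yaml posted in the question, reproduced unchanged.
MANIFEST = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  label:
    app: deploy1
  name: deploy1
spec:
  replicas: 1
  selector:
    matchLabels:
      run: deploy1
  strategy: {}
  template:
    spec:
    spec:
      container:
      - images: nginx
        name: container-1
        ports:
        - containerPort: 80
"""
# Assumption: a hand-picked subset of fields the apps/v1 Deployment schema requires.
REQUIRED = ("spec.selector", "spec.template", "spec.template.spec.containers")
KEY = re.compile(r"^( *)(- )?([\w.\-/]+):(\s|$)")

def check(text):
    """Return (duplicate_keys, missing_required) for a block-style manifest."""
    frames, dups, paths = [], [], set()   # one frame per currently open mapping
    for lineno, line in enumerate(text.splitlines(), 1):
        if not (m := KEY.match(line)):
            continue
        lead, dash, key = m.group(1, 2, 3)
        indent = len(lead) + (2 if dash else 0)
        while frames and frames[-1]["indent"] > indent:
            frames.pop()                  # dedent: the nested mapping has ended
        if dash and frames and frames[-1]["indent"] == indent:
            frames.pop()                  # "- " opens a new list item, so a new mapping
        if not frames or frames[-1]["indent"] < indent:
            prefix = frames[-1]["prefix"] + (frames[-1]["seen"][-1],) if frames else ()
            frames.append({"indent": indent, "prefix": prefix, "seen": []})
        f = frames[-1]
        path = ".".join(f["prefix"] + (key,))
        if key in f["seen"]:
            dups.append((lineno, path))   # same key twice in one mapping
        f["seen"].append(key)
        paths.add(path)
    return dups, [p for p in REQUIRED if p not in paths]
```
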