SonarQube Enterprise Edition 9.9 LTS - IaC code check capability for Kubernetes YAML files

Hello guys,

I am writing to report an issue I am facing with the SonarQube Enterprise Edition 9.9 LTS. I have been testing the IaC code check capability for Kubernetes YAML files, but I have noticed that the tool is ignoring the YAML files when generating the report.

I am using SonarQube Enterprise Edition 9.9 LTS and have followed the instructions for setting up the IaC code check capability for Kubernetes YAML files using GitHub Actions. However, when I run the analysis, the tool does not seem to detect any issues in the YAML files, and they are not included in the report, so I have verified that the YAML files are present in the source code and that they are being analyzed by SonarQube.

This is my GitHub Actions workflow:

on:
  push:
    branches:
      - 'master'
  pull_request:
    types: [opened, synchronize, reopened]

name: SonarQube Yaml Check
jobs:
  sonarqube-yaml-check:
    runs-on: [self-hosted, runner]
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Setup sonar
        uses: warchant/setup-sonar-scanner@v4

      - name: Run sonarqube analysis
        run: 'sonar-scanner -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} -Dsonar.login=${{ secrets.SONAR_TOKEN }}'

      - name: SonarQube Quality Gate check
        uses: sonarsource/sonarqube-quality-gate-action@master
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

sonar-project.properties

sonar.projectKey=<project-key>
sonar.sources=.

Logs:

INFO: Scanner configuration file: /actions-runner/_work/_tool/sonar-scanner/4.6.2.2472/x64/sonar-scanner-4.6.2.2472-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /actions-runner/_work/k8s-artifacts/k8s-artifacts/sonar-project.properties
INFO: SonarScanner 4.6.2.2472
INFO: Java 11.0.11 AdoptOpenJDK (64-bit)
INFO: Linux 5.10.127+ amd64
INFO: User cache: /actions-runner/.sonar/cache
INFO: Scanner configuration file: /actions-runner/_work/_tool/sonar-scanner/4.6.2.2472/x64/sonar-scanner-4.6.2.2472-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /actions-runner/_work/k8s-artifacts/k8s-artifacts/sonar-project.properties
INFO: Analyzing on SonarQube server 9.9.0.65466
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=319ms
INFO: Server id: xxx
INFO: User cache: /actions-runner/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=103ms
INFO: Load/download plugins (done) | time=927ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=1ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=3ms
INFO: Project key: x
INFO: Base dir: /actions-runner/_work/k8s-artifacts/k8s-artifacts
INFO: Working dir: /actions-runner/_work/k8s-artifacts/k8s-artifacts/.scannerwork
INFO: Load project settings for component key: ''x"
INFO: Load project settings for component key: '' (done) | time=72ms
INFO: Load project branches
INFO: Load project branches (done) | time=70ms
INFO: Load branch configuration
INFO: Detected branch/PR in 'GitHub Action'
INFO: Auto-configuring pull request '605'
INFO: Load branch configuration (done) | time=10ms
INFO: Auto-configuring with CI 'Github Actions'
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=250ms
INFO: Load active rules
INFO: Load active rules (done) | time=3119ms
INFO: Load analysis cache
INFO: Load analysis cache (404) | time=21ms
INFO: Pull request 605 for merge into master from feature/sonarqube-k8s-lint
INFO: Load project repositories
INFO: Load project repositories (done) | time=55ms
INFO: SCM collecting changed files in the branch
INFO: Merge base sha1: b539b07941a6cad22bd65d502386046485c2a175
INFO: SCM collecting changed files in the branch (done) | time=896ms
INFO: Indexing files...
INFO: Project configuration:
INFO: 460 files indexed
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for yaml: Sonar way
INFO: ------------- Run sensors on module x
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=83ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=6438ms
INFO: Sensor IaC Kubernetes Sensor [iac]
INFO: 457 source files to be analyzed
ERROR: Unable to parse file: file:///actions-runner/_work/k8s-artifacts/k8s-artifacts/weatherapi/production/deployment.yaml. 
ERROR: Cannot parse 'weatherapi/production/deployment.yaml': class org.snakeyaml.engine.v2.events.CommentEvent cannot be cast to class org.snakeyaml.engine.v2.events.NodeEvent (org.snakeyaml.engine.v2.events.CommentEvent and org.snakeyaml.engine.v2.events.NodeEvent are in unnamed module of loader org.sonar.classloader.ClassRealm @52a70627)
ERROR: Unable to parse file: file:///actions-runner/_work/k8s-artifacts/k8s-artifacts/test/staging/deployment.yaml. Parse error at position 27:0
ERROR: Cannot parse 'test/staging/deployment.yaml': while parsing a block mapping
 in reader, line 16, column 5:
        metadata:
        ^
expected <block end>, but found '<block mapping start>'
 in reader, line 27, column 6:
    					limits:
         ^

INFO: 457/457 source files have been analyzed
INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=5272ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=2ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=224ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor HTML [web]
INFO: Sensor HTML is restricted to changed files only
INFO: Sensor HTML [web] (done) | time=9ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: Sensor TextAndSecretsSensor is restricted to changed files only
INFO: 2 source files to be analyzed
INFO: 2/2 source files have been analyzed
INFO: Sensor TextAndSecretsSensor [text] (done) | time=165ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=2ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=285ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=4ms
INFO: Sensor JavaScript inside YAML analysis [javascript]
INFO: No input files found for analysis
INFO: Hit the cache for 0 out of 0
INFO: Miss the cache for 0 out of 0
INFO: Sensor JavaScript inside YAML analysis [javascript] (done) | time=417ms
INFO: Sensor CSS Rules [javascript]
INFO: Sensor CSS Rules is restricted to changed files only
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [javascript] (done) | time=2ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=6ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: Sensor IaC Docker Sensor is restricted to changed files only
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=301ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=8ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=304ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=301ms
INFO: Sensor javabugs [dbd]
INFO: Reading IR files from: /actions-runner/_work/k8s-artifacts/k8s-artifacts/.scannerwork/ir/java
INFO: No IR files have been included for analysis.
INFO: Sensor javabugs [dbd] (done) | time=2ms
INFO: Sensor pythonbugs [dbd]
INFO: Reading IR files from: /actions-runner/_work/k8s-artifacts/k8s-artifacts/.scannerwork/ir/python
INFO: No IR files have been included for analysis.
INFO: Sensor pythonbugs [dbd] (done) | time=3ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /actions-runner/_work/k8s-artifacts/k8s-artifacts/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=47ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /actions-runner/_work/k8s-artifacts/k8s-artifacts/ucfg_cs2
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=30ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /actions-runner/_work/k8s-artifacts/k8s-artifacts/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /actions-runner/_work/k8s-artifacts/k8s-artifacts/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /actions-runner/_work/k8s-artifacts/k8s-artifacts/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor JsSecuritySensor [security] (done) | time=0ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=1ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=68ms
INFO: CPD Executor Calculating CPD for 0 files
INFO: CPD Executor CPD calculation finished (done) | time=0ms
INFO: SCM writing changed lines
INFO: Merge base sha1: b539b07941a6cad22bd65d502386046485c2a175
INFO: SCM writing changed lines (done) | time=22ms
INFO: Analysis report generated in 475ms, dir size=604.2 kB
INFO: Analysis report compressed in 1200ms, zip size=319.0 kB
INFO: Analysis report uploaded in 70ms
INFO: ANALYSIS SUCCESSFUL, 
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at ***/api/ce/task?id=xxx
INFO: Analysis total time: 47.406 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 54.908s
INFO: Final Memory: 38M/107M
INFO: ------------------------------------------------------------------------

I have configured the quality profile in the YAML files project to use the Kubernetes profile.

Thank you for your help.

Best regards,

I just resolved this issue; I just needed to activate the parsing rule on the Kubernetes profile.

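The log above ends in `EXECUTION SUCCESS` even though the IaC Kubernetes sensor reported two manifests it could not parse, so no Kubernetes rules could be evaluated on those files. As an added example (not part of the original posts and not SonarSource code), this Python script reads a saved scanner log and lists the files each sensor failed to parse, so a CI step can fail on them. The log line patterns are assumed from the excerpt above, and the function names are hypothetical.

```python
import re
import sys

# Abridged from the scanner log in the post above; messages shortened, paths as posted.
SAMPLE_LOG = """\
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=6438ms
INFO: Sensor IaC Kubernetes Sensor [iac]
INFO: 457 source files to be analyzed
ERROR: Cannot parse 'weatherapi/production/deployment.yaml': class org.snakeyaml.engine.v2.events.CommentEvent cannot be cast to class org.snakeyaml.engine.v2.events.NodeEvent
ERROR: Cannot parse 'test/staging/deployment.yaml': while parsing a block mapping
 in reader, line 16, column 5:
expected <block end>, but found '<block mapping start>'
INFO: 457/457 source files have been analyzed
INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=5272ms
INFO: ANALYSIS SUCCESSFUL
"""

# Line shapes assumed from the log excerpt above.
SENSOR_DONE = re.compile(r"^INFO: Sensor .+ \[[^\]]+\] \(done\)")
SENSOR_START = re.compile(r"^INFO: Sensor (?P<name>.+?) \[[^\]]+\]$")
TO_ANALYZE = re.compile(r"^INFO: (\d+) source files to be analyzed$")
CANNOT_PARSE = re.compile(r"^ERROR: Cannot parse '(?P<path>[^']+)': (?P<reason>.*)$")

def parse_failures(log_text):
    """Return {sensor name: {"files": int, "failed": {path: reason}}}."""
    sensors, current = {}, None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if SENSOR_DONE.match(line):
            current = None          # sensor finished; later errors are not its own
        elif (m := SENSOR_START.match(line)):
            current = sensors.setdefault(m["name"], {"files": 0, "failed": {}})
        elif current is not None and (m := TO_ANALYZE.match(line)):
            current["files"] = int(m[1])
        elif current is not None and (m := CANNOT_PARSE.match(line)):
            current["failed"][m["path"]] = m["reason"]
        # Any other line (parser stack context, unrelated INFO) is skipped.
    return sensors

def unscanned_manifests(log_text, sensor="IaC Kubernetes Sensor"):
    """Sorted paths the named sensor was handed but could not parse."""
    return sorted(parse_failures(log_text).get(sensor, {"failed": {}})["failed"])

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    skipped = unscanned_manifests(text)
    for path in skipped:
        print(f"not analyzed by IaC Kubernetes Sensor: {path}")
    sys.exit(1 if skipped else 0)   # non-zero exit fails the CI step
```

Run it against the scanner output saved from the analysis step; with no argument it uses the embedded sample.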