SonarQube rule to scan/read YML files


(Rajesh Balu) #1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension):
    SonarQube: 6.7
    Scanner: 3.0.3
  • what are you trying to achieve: Want to read YML files in an application to check for specific values
  • what have you tried so far to achieve this: Could not find any readily available plugin. So I tried to convert YML to XML file and thought of writing XPATH rule. But I do not know how to integrate these two items in SonarQube.

Any suggestion will be very helpful.


(Nicolas Bontoux) #2


Am not aware of any Community Plugin targeting YML code. Your question here seems more like a feature request suited to #suggestions . Note that your use-case would have to be further documented though:

Check specific values for … ? Try to relate that to code quality bug/vulnerability/code_smell detection, since that’s what SonarQube is about.

Note that if you already have external tools catching issues in YML code, you can potentially leverage
Generic Issue Data.

(Rajesh Balu) #3


There are certain enterprise level standards which needs to be followed in all the applications. For an instance, timeout should not be of 0 secs, port number should not be 7007. If any of the applications configured with the given value in YML files, we need to mark it as vulnerability and need to notify the development team to act on it. This is the given use case for me. Please let me know if this is not making any sense.

So, I am looking for a plugin/way to scan YML values which will look for the values (like XPATH).