I have a Terraform repository in GitHub that is under a Jenkins pipeline. I would like to add this Terraform repository as a new project in the SonarQube dashboard. But it seems SonarQube does not support Terraform.
I wonder if anyone has experience how to do this integration?
I’ve had a quick look at https://www.terraform.io/ to get an understanding of the languages present in that kind of project, which reads:
Terraform users define infrastructure in a simple, human-readable configuration language called HCL (HashiCorp Configuration Language). Users can write unique HCL configuration files or borrow existing templates from the public module registry.
So, there is no support for HCL, and you may be the first to ask.
However, if you are looking for support of some specific languages, have a look at https://docs.sonarqube.org/latest/instance-administration/plugin-version-matrix/ and you should be able to tell if SonarQube supports a given language natively or with the support of community/3rd-party plugins.
That’s great to see so many requests to get support for Terraform, and I’m happy to share with you that this is part of our 2021 roadmap to provide features to secure Cloud Native Apps, and as such Terraform and CloudFormation files should be supported.
I know you asked this feature for SonarQube but I only have a tracking card for SonarCloud for the moment. The same portal view for SonarQube will come later in the year (with the expected Terraform card).
I’ve got a question for the users requesting to get Terraform files scanned on SonarQube. I would like to get a little bit of context about why you need this in SonarQube, so I would need to know in which context you use Terraform today.
Is it to manage your AWS resources, GCP, Microsoft Azure or private cloud resources, something else?
I’m guessing that if you are using Terraform, your company is OK with the idea of deploying its software on the cloud directly and that having everything on the cloud is not a problem.
Would it be an option to move to SonarCloud.io instead of using SonarQube to get the scan of your Terraform files?
Or is it mandatory for you to get this feature on SonarQube? In that case, why?
I wasn’t one of the original requestors, but we would very much like to see this feature in SonarQube.
We have a hybrid environment – some work is on-prem and some is in the cloud – so we use SonarQube to scan everything. While our Terraform is (currently) for Microsoft Azure, I wouldn’t be surprised if we ended up using it for private cloud resources as well. We’d really like to be able to scan it with SonarQube, so everything goes through one tool.