Will SonarCloud scan IaC repos using Terragrunt on top of Terraform?
I noticed there is support for IaC scan post terraform plan. Can we use Terragrunt to manage our Terraform and still have IaC scan?
Hello @deuceqhr, and welcome to the Community!
Thanks for raising awareness on this topic.
Currently, our Terraform analyzer does not support Terragrunt and its features.
Although technically it may be possible to scan a Terragrunt project with our Terraform analyzer, there is a chance it would misinterpret the intent of some elements.
This would induce a loss in precision and potentially raise the number of FPs and FNs.
Unfortunately, I cannot give you more precision on this topic; we have not explored it so far.
I hope this answers your question.
Best,
Rudy
I forgot to mention that for your Terragrunt files to be analyzed, you may need to change the configuration sonar.terraform.file.suffixes to allow those files, with .tf,.hcl.
Again, analyzing those files was not initially planned and may not be fully supported, so feel free to provide any feedback.
Thanks.
Rudy