I am running Sonar Scanner in GitLab CI with the Docker image sonarsource/sonar-scanner-cli:4.8.0 to analyze AWS Terraform source code. The scan report is pushed to SonarQube EE 9.9.
I have just added Sonar Scanner to the CI/CD pipeline; the Terraform files have been in the Git repository for a while. Terraform files (*.tf) are properly detected as terraform files:
09:56:23.671 INFO: Project configuration:
09:56:23.673 INFO: Excluded sources: **/plans/**
09:56:23.941 DEBUG: 275 non excluded files in this Git repository
09:56:24.197 DEBUG: 'terraform/main/providers.tf' indexed with language 'terraform'
09:56:24.200 DEBUG: 'terraform/main/resources_api_gateway.tf' indexed with language 'terraform'
09:56:24.203 DEBUG: 'terraform/main/resources_api_gateway_clients_iam.tf' indexed with language 'terraform'
...
Then they are scanned by Sensor TextAndSecrets:
09:56:34.494 INFO: Sensor TextAndSecretsSensor [text]
09:56:34.495 INFO: Sensor TextAndSecretsSensor is restricted to changed files only
09:56:34.508 DEBUG: 'terraform/main/resources_s3_lambda.tf' generated metadata with charset 'UTF-8'
09:56:34.528 DEBUG: 'terraform/main/variables.tf' generated metadata with charset 'UTF-8'
09:56:34.531 DEBUG: 'terraform/main/resources_stepfunc_reference.tf' generated metadata with charset 'UTF-8'
...
09:56:34.614 INFO: Sensor TextAndSecretsSensor [text] (done) | time=120ms
Sadly they are not scanned by Sensor IaC:
09:56:39.129 INFO: Sensor IaC Terraform Sensor [iac]
09:56:39.129 INFO: Sensor IaC Terraform Sensor is restricted to changed files only
09:56:39.146 INFO: 0 source files to be analyzed
09:56:39.574 INFO: 0/0 source files have been analyzed
What’s wrong with my sonar scanner configuration?