Why does the SonarCloud YAML Sonar way profile have no rules?

Using Sonarcloud community edition for an open source project.

When I see some of the Sonar way profiles (e.g. YAML, JSON), they have zero rules!

Why is that so? What purpose does it serve?

Hello,

First, I can confirm there is no bug; this is expected.

We actually need YAML and JSON files to provide IaC features (Terraform and CloudFormation scanning) and to raise Injection Vulnerabilities in your AWS Lambda source code (JavaScript for the moment and later for Python) configured with SAM or Serverless frameworks … and so declared in CloudFormation files.
In order to have such files visible / accessible by the various analyzers of SonarCloud, we have a technical constraint to index these files and provide default stuff such as a “Sonar Way” quality profile. It’s a corner case of our generic way to handle languages.

Alex
