Skip to content

sbaudoin/sonar-yaml

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
it
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 

YAML SonarQube Plugin

Apache License, Version 2.0, January 2004 Maven Central Build Status Sonarcloud Status Sonarcloud Status

SonarQube plugin to analyze YAML code based on yamllint.

Rules

The plugin comes with a default "Sonar way" profile with most common rules enabled:

  • Syntax error check
  • Braces check
  • Brackets check
  • Colons check
  • Commas check
  • Comments check
  • Comments indentation check
  • Document start check
  • Empty lines check
  • Empty values check
  • Hyphens check
  • Indentation check
  • Key duplicates check
  • Line length check
  • New line at end of file check
  • New lines check
  • Octal values check
  • Trailing spaces check
  • Truthy check

Some additional rules are provided but not enabled by default:

  • Document end check
  • Forbidden key check
  • Forbidden value check (new in 1.3.0)
  • Key ordering check
  • Quoted strings check (new in 1.4.0)
  • Required key check (new in 1.5.0)

Once installed, you may go to the profile management screens to create your own profile and add or remove rules, change levels, and parameters, etc.

Installation

Plugin for SonarQube 6.6+ (tested on 6.7 LTS), 7.0+ (tested on 7.7, 7.8 and 7.9 LTS), 8.0+ (including 8.9 LTS), 9.0+ (including SonarQube 9.2 as of version 1.7).

Just download the plugin JAR file and copy it to the extensions/plugins directory of SonarQube and restart.

Troubleshooting/known issues

Scan fail with "ERROR: Caused by: x is not a valid line offset for pointer. File xyz.yml has y character(s) at line z"

This may be due to issue #6: if your YAML file contains YAML-valid UTF-8 line break characters such as U+2028, SonarQube may just strip them, causing the character and lines references being different between the YAML parser and SonarQube.

If such an error is met, go to the main or project general settings of the YAML plugin and enable the option "Filter UTF-8 Line Breaks". This will make the plugin to ignore some valid UTF-8 line break characters (U+2028, U+2029 and U+0085) so that SonarQube and the plugin both use the same character and line indices and, the scan should complete.

SonarQube 9.2 no longer start after installing the plugin

This is due to the fact that SonarQube 9.2 has brought native support to the YAML language. See #58 and #63. To fix the issue, please install the plugin version 1.7+