Rule pack to check for 12-Factor Cloud Native characteristics?


mpie...@gmail.com

Jan 2, 2018, 2:57:37 PM
to SonarQube
This isn't related to a specific language pack, but as we start to promote cloud-native applications, would it be possible to consider enhancing the current language packs for 12-factor characteristics found on 12factor.net?

G. Ann Campbell

Jan 3, 2018, 11:15:29 AM
to SonarQube
Hi,

Your request isn't clear to me. Your title cites rules, your body discusses language packs. Your link talks about ALM. Can you clarify what you're looking for?


Ann

P.S. Please be aware that the standard courtesies (Hi, Thanks, ...) are appreciated in this group.

mpie...@gmail.com

Jan 3, 2018, 11:47:51 AM
to SonarQube
Hello,

Pardon my ignorance, as we are currently evaluating SonarQube and are not yet fluent in the definition/terminology of components within the product.

I am looking for any capability in SonarQube to be able to scan code, and identify characteristics which go against the 12-factor model. Things such as (but not limited to):
- OS dependencies
- File system dependencies
- Hard-coded configurations within code (i.e., database connection string/credentials)

We currently promote a cloud-native application development model, but would like a way to enforce it, and potentially, use a tool such as SonarQube as a vetting process for legacy applications transforming to cloud platforms.

Hope this helps clarify, please feel free to let me know if you have any thoughts or comments.

Thanks,

Mark

G. Ann Campbell

Jan 3, 2018, 2:04:00 PM
to mpie...@gmail.com, SonarQube
Hi Mark,

The answer to your question is probably "no". At least, I'm not aware of anything in this area.

However, assuming the setup of your 12-factor model is specified in some configuration file(s), it should be possible for you to write an analyzer with the rules you want, or depending on the file type to extend an existing analyzer with additional rules.


Ann



---
G. Ann Campbell | SonarSource
Product Manager
@GAnnCampbell


Colin Mueller

Jan 3, 2018, 11:29:44 PM
to SonarQube
Mark,

There are some rules that cover some of what you're looking for. Check out https://next.sonarqube.com/sonarqube/coding_rules#q=hard coded to see rules related to hard-coded credentials, URIs, and IP Addresses.

@Ann, perhaps SonarQube would consider a 12factor tag for rules that relate to 12-factor characteristics (if there were enough rules and enough interest).

Colin

dinesh.bo...@sonarsource.com

Jan 4, 2018, 5:14:45 AM
to SonarQube
Sounds interesting, I've created an "idea" MMF to keep track of this: https://jira.sonarsource.com/browse/MMF-1156

Are you able to give some more details about what you expect from SonarQube:
  1. What rules specifically do you have in mind?
  2. For which languages?
More input will enable us to tackle this subject sooner :-)

bfl...@keyholesoftware.com

Jan 25, 2018, 6:16:08 PM
to SonarQube
Great idea. I posted to MMF-1156 a set of rules used to identify cloud-readiness issues. 