{"id":18341875,"url":"https://github.com/sbaudoin/sonar-yaml","last_synced_at":"2025-04-04T10:05:02.499Z","repository":{"id":37917159,"uuid":"135566839","full_name":"sbaudoin/sonar-yaml","owner":"sbaudoin","description":"SonarQube plugin to analyze YAML files","archived":false,"fork":false,"pushed_at":"2024-12-20T15:35:31.000Z","size":464,"stargazers_count":62,"open_issues_count":20,"forks_count":29,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-27T13:07:50.544Z","etag":null,"topics":["sonar","sonarqube","sonarqube-plugin","yaml","yaml-plugin"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sbaudoin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-31T10:06:13.000Z","updated_at":"2025-01-02T06:31:13.000Z","dependencies_parsed_at":"2023-10-17T04:43:29.327Z","dependency_job_id":"14827a9c-6ca0-4abb-84d1-17d5059a3546","html_url":"https://github.com/sbaudoin/sonar-yaml","commit_stats":{"total_commits":232,"total_committers":11,"mean_commits":21.09090909090909,"dds":0.06896551724137934,"last_synced_commit":"89941c25368ca2402e5b7775305dcaa712d0d009"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbaudoin%2Fsonar-yaml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbaudoin%2Fsonar-yaml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbaudoin%2Fsonar-yaml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbaudoin%2Fsonar-yaml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sbaudoin","download_url":"https://codeload.github.com/sbaudoin/sonar-yaml/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247155708,"owners_count":20893094,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["sonar","sonarqube","sonarqube-plugin","yaml","yaml-plugin"],"created_at":"2024-11-05T20:28:49.433Z","updated_at":"2025-04-04T10:05:02.474Z","avatar_url":"https://github.com/sbaudoin.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!---\n Licensed to the Apache Software Foundation (ASF) under one or more\n contributor license agreements.  See the NOTICE file distributed with\n this work for additional information regarding copyright ownership.\n The ASF licenses this file to You under the Apache License, Version 2.0\n (the \"License\"); you may not use this file except in compliance with\n the License.  You may obtain a copy of the License at\n\n      http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n--\u003e\nYAML SonarQube Plugin\n=====================\n\n[![Apache License, Version 2.0, January 2004](https://img.shields.io/github/license/apache/maven.svg?label=License)](http://www.apache.org/licenses/LICENSE-2.0)\n[![Maven Central](https://img.shields.io/maven-central/v/com.github.sbaudoin/sonar-yaml-plugin.svg?label=Maven%20Central)](https://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.github.sbaudoin%22%20AND%20a%3A%22sonar-yaml-plugin%22)\n[![Build Status](https://travis-ci.org/sbaudoin/sonar-yaml.svg?branch=master)](https://travis-ci.org/sbaudoin/sonar-yaml)\n[![Sonarcloud Status](https://sonarcloud.io/api/project_badges/measure?project=sbaudoin_sonar-yaml\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=sbaudoin_sonar-yaml)\n[![Sonarcloud Status](https://sonarcloud.io/api/project_badges/measure?project=sbaudoin_sonar-yaml\u0026metric=coverage)](https://sonarcloud.io/dashboard?id=sbaudoin_sonar-yaml)\n\nSonarQube plugin to analyze YAML code based on [yamllint](https://github.com/sbaudoin/yamllint).\n\n## Rules\n\nThe plugin comes with a default \"Sonar way\" profile with most common rules enabled:\n\n* Anchors check\n* Syntax error check\n* Braces check\n* Brackets check\n* Colons check\n* Commas check\n* Comments check\n* Comments indentation check\n* Document start check\n* Empty lines check\n* Empty values check\n* Hyphens check\n* Indentation check\n* Key duplicates check\n* Line length check\n* New line at end of file check\n* New lines check\n* Octal values check\n* Trailing spaces check\n* Truthy check\n\nSome additional rules are provided but not enabled by default:\n\n* Document end check\n* Float values check\n* Forbidden key check (template)\n* Forbidden value check (template, new in 1.3.0)\n* Key ordering check\n* Quoted strings check (new in 1.4.0)\n* Required key check (template, new in 1.5.0)\n* Int value in range check (template, new in 1.8.0)\n\nOnce installed, you may go to the profile management screens to create your own profile and add or remove rules, change levels, and parameters, etc.\n\n## Installation\n\nPlugin for SonarQube 8.1+ (including 8.9 LTS), 9.0+ (including SonarQube 9.2 as of version 1.7 and 9.9 LTS), 10.0+ (tested on 10.2 only).\n\nJust [download the plugin JAR file](https://github.com/sbaudoin/sonar-yaml/releases) and copy it to the `extensions/plugins` directory of SonarQube and restart.\n\n## Ancestors rule properties\n\nVersion 1.8.0 introduces included-ancestors and excluded-ancestors as regex rule properties, for the following template checks:\n1. forbidden key\n2. forbidden value\n3. required key and\n4. int value in range\n\nThis provides the possibility to apply the checks _only_ in a certain scope 1 and/or _only not_ in a certain scope 2. Current limitation: yaml list notation is not supported by ancestor matching.\n\n## Troubleshooting/known issues\n\n### Scan fails with \"ERROR: Caused by: _x_ is not a valid line offset for pointer. File _xyz.yml_ has _y_ character(s) at line _z_\"\n\nThis may be due to [issue #6](https://github.com/sbaudoin/sonar-yaml/issues/6): if your YAML file contains YAML-valid UTF-8 line break characters such as U+2028, SonarQube\nmay just strip them, causing the character and lines references being different between the YAML parser and SonarQube.\n\nIf such an error is met, go to the main or project general settings of the YAML plugin and enable the option \"Filter UTF-8 Line Breaks\".\nThis will make the plugin to ignore some valid UTF-8 line break characters (U+2028, U+2029 and U+0085) so that SonarQube and the plugin\nboth use the same character and line indices and, the scan should complete.\n\n### SonarQube 9.2 no longer starts after installing the plugin\n\nThis is due to the fact that SonarQube 9.2 has brought native support to the YAML language. See [PR #58](https://github.com/sbaudoin/sonar-yaml/pull/58)\nand [issue #63](https://github.com/sbaudoin/sonar-yaml/issues/63). To fix the issue, please install the plugin version 1.7+\n\n### Scan fails with \"java.lang.UnsupportedOperationException: Can not add the same measure twice\"\n\nThis is due to the fact that some other plugin has already saved measures for the YAML files. See [issue #70](https://github.com/sbaudoin/sonar-yaml/issues/70).\nThis issue is fixed with version 1.8.0. If you cannot upgrade, you must disable this plugin or the other plugins that scan YAML files.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsbaudoin%2Fsonar-yaml","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsbaudoin%2Fsonar-yaml","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsbaudoin%2Fsonar-yaml/lists"}