YAML

The analysis of YAML files is enabled for some organizations via a feature flag, and will soon be enabled by default for all users. If you want to manually opt-in, you can set the sonar.featureflag.cloud-security-enable-generic-yaml-and-json-analyzer property to true.

By setting the above mentioned property to false, you can also opt-out of the analysis during this roll-out phase.

You can permanently disable the analysis by setting the sonar.yaml.activate property to false .

These properties do not affect analysis of language / framework specific YAML files.

In addition to this general YAML analysis, YAML files detected as belonging to CloudFormation, Kubernetes/Helm, or Ansible are also analyzed by the dedicated analyzers.

Language-specific properties

To discover and update the YAML-specific properties, navigate in SonarQube Cloud to Your Project > Administration > General Settings > Languages > YAML. See the Analysis parameters page for more information about specific properties.