Sonarqube Helm Chart

Sonarqube
Analyzed version: 3.0.0+296

By SonarSource

SonarQube offers Code Quality and Code Security analysis for up to 27 languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout your workflow.

Prometheus, a CNCF project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.

This chart bootstraps a Prometheus deployment on a Kubernetes cluster using the Helm package manager.

Latest version: 15.5.3
View GitHub

How to Install the Sonarqube Helm Chart

Add Chart Repository to Helm

helm repo add sonarqube https://SonarSource.github.io/helm-chart-sonarqube

Install Chart

helm install my-sonarqube sonarqube/sonarqube --version 3.0.0+296

Does the Sonarqube chart contain security gaps?

The chart meets the best practices recommended by the industry.

The chart contains 12 misconfigurations.

The chart meets the best practices recommended by the industry. Find the full list of best practices here.

❌ Ensure workload has valid label values

2 occurrences:

  • metadata.name: release-name-sonarqube (kind: StatefulSet)
  • metadata.name: release-name-ui-test (kind: Pod)

💡 Incorrect value for key(s) under `labels` - the vales syntax is not valid so the Kubernetes engine will not accept it

Learn how to fix the issue here

❌ Ensure each container image has a pinned (tag) version

1 occurrences:

  • metadata.name: release-name-ui-test (kind: Pod)

💡 Incorrect value for key `image` - specify an image version to avoid unpleasant "version surprises" in the future

Learn how to fix the issue here

❌ Ensure each container has a configured memory limit

1 occurrences:

  • metadata.name: release-name-ui-test (kind: Pod)

💡 Missing property object `limits.memory` - value should be within the accepted boundaries recommended by the organization

Learn how to fix the issue here

❌ Prevent deploying naked pods

1 occurrences:

  • metadata.name: release-name-ui-test (kind: Pod)

💡 Incorrect value for key `kind` - raw pod won't be rescheduled in the event of a node failure

Learn how to fix the issue here

❌ Prevent container security vulnerability (CVE-2021-25741)

12 occurrences:

  • metadata.name: release-name-postgresql (kind: StatefulSet)
  • metadata.name: release-name-sonarqube (kind: StatefulSet)

💡 Forbidden property object `subPath` - malicious users can gain access to files & directories outside of the volume

Learn how to fix the issue here

❌ Ensure each container has a configured memory request

1 occurrences:

  • metadata.name: release-name-ui-test (kind: Pod)

💡 Missing property object `requests.memory` - value should be within the accepted boundaries recommended by the organization

Learn how to fix the issue here

❌ Ensure each container has a configured CPU request

1 occurrences:

  • metadata.name: release-name-ui-test (kind: Pod)

💡 Missing property object `requests.cpu` - value should be within the accepted boundaries recommended by the organization

Learn how to fix the issue here

❌ Prevent workload from using the default namespace

1 occurrences:

  • metadata.name: release-name-postgresql (kind: StatefulSet)

💡 Incorrect value for key `namespace` - use an explicit namespace instead of the default one (`default`)

Learn how to fix the issue here

❌ Ensure each container has a configured CPU limit

1 occurrences:

  • metadata.name: release-name-ui-test (kind: Pod)

💡 Missing property object `limits.cpu` - value should be within the accepted boundaries recommended by the organization

Learn how to fix the issue here

❌ Ensure each container has a configured liveness probe

1 occurrences:

  • metadata.name: release-name-ui-test (kind: Pod)

💡 Missing property object `livenessProbe` - add a properly configured livenessProbe to catch possible deadlocks

Learn how to fix the issue here

This is some text inside of a div block.
This is some text inside of a div block.

Reveal misconfigurations within minutes

3 Quick Steps to Get Started