Is there a way to get SonarQube to raise a violation if certain files/folders are found in source?
For example, specifically-named configuration files which contain sensitive data (e.g. passwords) should not be included in version control, and neither should IDE-specific configuration directories like IntelliJ's ".idea" and Eclipse's ".settings" folders.
(Side-note: I'm aware these can/should be part of a global ignore in version control - but that's not what I'm asking about)
I'd like SonarQube to raise a violation during analysis if any of a set of files/folders exist, preferably using a regex-or-similar pattern to do the checking.
I've read up on the fact that SonarQube plugins can be written in Java, but this seems such a simple concept (and one I'm sure isn't unique) that I'm a little surprised I haven't been able to find any existing rules or plugins. The closest I've found is sonar-text-plugin, though that focuses on file contents rather than whether files exist at all.
Before I go reinventing the wheel, is there something pre-existing which could offer this?
SonarQube version 4.5.7 - upgrading is an option if there's no other route.
I do confirm that there is no such built-in feature in SonarQube.
You may be want to write a custom rule for the java plugin.