- Enabled Terraform recommended preset
- Added rules for documentation, naming conventions, and unused declarations
- Note: No TFLint plugins available for vsphere or vault providers
- Core Terraform ruleset will still catch syntax errors and best practices
- Added TFLint job to catch Terraform errors and best practices
- TFLint runs before Checkov for early error detection
- Uses latest TFLint version with automatic initialization
- Pipeline flow: TFLint -> Checkov -> SonarQube
- Added Checkov security scan job that runs before SonarQube
- Configured for Terraform-specific IaC compliance checks
- Outputs results in CLI and SARIF formats
- Uploads scan results as artifacts for review
- SonarQube job now depends on Checkov passing
- Renamed workflow to reflect both quality and security scanning
- Updated SonarQube action from kitabisa/sonarqube-action@v1.2.0 to sonarsource/sonarqube-scan-action@v4
- Official action uses Java 17, compatible with SonarQube 25.10
- Added sonar-project.properties with Terraform-specific exclusions
- Fixes: java.lang.UnsupportedClassVersionError (class file version 61.0 vs 55.0)
- Add vSphere resource pool management
- Configure CPU and memory allocation controls
- Implement tagging system for organization
- Add comprehensive documentation
