Hardcoded Passwords Not Detected in .NET Project Scan

SonarCloud scan is not flagging hardcoded passwords as a security vulnerability

Hardcoded Passwords Not Detected in .NET Project Scan

Hi everyone,

I’ve integrated SonarCloud with my .NET project, and the scan is working as expected. It’s successfully detecting other bugs and issues. However, it’s not flagging hardcoded passwords as security vulnerabilities.

Here’s what I’ve done so far:

  1. Integration: Successfully integrated SonarCloud with my .NET project.
  2. Scanning: The scan runs without issues and detects other bugs and vulnerabilities.
  3. Rules Activation: I’ve activated the relevant rules for detecting hardcoded passwords.

Despite these steps, the hardcoded passwords are not being detected. Has anyone faced a similar issue or can you provide insights on what might be going wrong? Any suggestions or troubleshooting steps would be greatly appreciated.

Test Code for detect bugs


Hey there.

  • The branch summary shows “2 new lines” – is one of those 2 lines the line where you expect the issue to be raised? SonarCloud analyses of short-lived branches and pull requests only raise issues on changed lines (while long-lived branch analysis, including the main branch, shows all issues). Check out the Code tab of the analysis you shared.
  • Please include copy-pastable code, not a screenshot :pray:

I have tested in PR and short-lived branches. Other bugs are being flagged, but the hardcoded password rule is not flagging the code as a bug.