which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
Enterprise Edition
Version 8.5 (build 37579)
what are you trying to achieve
Our engineer also put plain password / apikey / token in the configuration file and push it to the repository. Does these are any solution to scan these configuration files so we can identify the sensitive data? We hope to alert this behavior by sonarqube. Look forward your rely and thanks in advance.
Having a secret detection feature is something that might have in next year roadmap.
Do you have concret examples of password / apikey / token leaking into configuration files? Knowing what configuration file are the more sensitive to this problem could help use prioritize.