I would like to know if I can extend the JSON Quality Profile to add the rule "Hard-coded credentials are security-sensitive" for appsettings.json files? It needs to form part of our security vulnerability checks.
Hey there.
We also want to detect this in appsettings.json files. Here’s the ticket where we’ll do so: Rule S2068: detect hard-coded passwords in appsettings.json and web.config files · Issue #5427 · SonarSource/sonar-dotnet · GitHub
I don’t have any ETA to share with you at this time.
Very basic/common issue not to have been covered by SonarCloud Security Analysis - I guess I’ll have to look for another solution to prevent these types of violations within our SDLC. I’ll keep watching the updates on this.