Hello,
I’m excited to share that we have just launched the beta version of the SonarQube Secrets CLI, and anyone can now request access.
Sonar already provides a highly efficient way to detect leaking secrets, tokens, and passwords in your codebase at various stages of the development cycle. This detection can be performed within your CI/CD pipelines or directly in your IDE via SonarQube for IDE. While these tools are powerful, they don’t strictly prevent findings from being ignored, and, as we all know, once a secret reaches a Git repository, it is already too late.
This is why we developed the Secrets CLI. It delivers the same detection power but prevents the commit from occurring in the first place. By utilizing a pre-commit hook, the Secrets CLI ensures that secrets are removed before a commit can be finalized.
This tool comes at no additional cost. It is available to anyone with a SonarQube Cloud account or a commercial edition of SonarQube Server.
Check it out and let me know what you think.
Alex
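To illustrate the mechanism the announcement describes (a pre-commit hook that refuses the commit before a secret lands in the repository), here is a minimal generic hook. It is an added example, not the SonarQube Secrets CLI and not Sonar's code: the page does not show that tool's command line, so a handful of regular expressions (AWS access key ID, PEM private-key header, GitHub classic token, quoted literal assigned to a password-like name) stand in for the real detector, and those patterns are assumptions. The point is the plumbing: scan exactly the staged content (`git diff --cached`), look only at added lines so that removing a leaked secret is never blocked, and exit non-zero to abort the commit.

```sh
#!/bin/sh
# Added example (not the SonarQube Secrets CLI, not Sonar's code): a minimal
# git pre-commit hook that refuses the commit when a staged change adds a
# secret-looking string. Install as .git/hooks/pre-commit and chmod +x it.

# Assumed detection patterns (illustrative only): AWS access key ID, PEM
# private-key header, GitHub classic personal access token, and a quoted
# literal assigned to a password/secret-like name. A real scanner carries
# far more patterns plus entropy checks; this is just enough to show the flow.
SECRET_PATTERNS="AKIA[0-9A-Z]{16}"
SECRET_PATTERNS="$SECRET_PATTERNS|-----BEGIN( RSA| EC| OPENSSH)? PRIVATE KEY-----"
SECRET_PATTERNS="$SECRET_PATTERNS|ghp_[A-Za-z0-9]{36}"
SECRET_PATTERNS="$SECRET_PATTERNS|(password|passwd|secret)[[:space:]]*[=:][[:space:]]*['\"][^'\"]{8,}['\"]"

# scan_added_lines: reads a unified diff on stdin, inspects only added lines
# (leading "+", excluding the "+++ b/file" header), prints each hit and
# returns 1 if anything matched, 0 if the diff is clean.
# Checking only added lines matters: a commit that REMOVES a leaked secret
# must never be blocked by the hook.
scan_added_lines() {
    if grep '^+' | grep -v '^+++' | grep -E "$SECRET_PATTERNS"; then
        return 1
    fi
    return 0
}

# Hook body: runs only when git invokes this file as .git/hooks/pre-commit,
# so the function above can also be exercised on constructed diffs without
# touching a repository.
if [ "$(basename "$0")" = "pre-commit" ]; then
    # --cached scans the staged content, i.e. exactly what the commit would contain,
    # rather than the working tree.
    if git diff --cached --unified=0 --no-color | scan_added_lines; then
        exit 0
    fi
    echo "pre-commit: secret-looking content found in staged changes; commit refused." >&2
    echo "Remove the secret (and rotate it if it was ever real) before committing." >&2
    exit 1
fi
```

Two caveats a practitioner should keep in mind: a local hook can be skipped with `git commit --no-verify`, so it complements rather than replaces detection in CI; and refusing the commit is only half the job, because a credential that was pasted into a file should be treated as exposed and rotated even if it never left the developer's machine.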