which versions are you using (SonarQube 10.5) how is SonarQube deployed: Docker I need to see secrets from .env and .gitlab-ci.yml files in Sonar I tried to follow this manual but it says that files beginning with dot will not be analyzed. And then I tried to use truffelhog integration, everythi…

Is it possible to find secrets in .env and .gitlab-ci.yml?

Alexandre_Gigleux (Alexandre Gigleux) June 6, 2025, 2:43pm 6

Sonar is now able to scan .env files.

Topic		Replies	Views
The file .env is not analyzed SonarQube Server / Community Build	9	94	June 6, 2025
Sonar now analyzes "dotfiles" for secrets Sonar Updates security , secrets	1	67	June 6, 2025
No secrets detected in .env files SonarQube Cloud secrets	3	24	June 10, 2025
Secret detection in yaml files SonarQube Server / Community Build scanner , security , secrets , yaml	2	89	November 27, 2024
Sonar scan inside docker file SonarQube Server / Community Build gitlab , pull-request , docker	1	1738	February 23, 2022