Hi, is this available in SonarQube Cloud, Team tier? Does it require configuration to enable? I have a test repo with .env files in it and they are not present in the Code tab (expected behavior until this feature release).
Hello,
This feature is available for all tiers on SonarQube Cloud, and no configuration is required to enable it - it is enabled by default.
If you are not seeing any new detections, it may be related to the Scanner you are using. The feature works reliably with the Scanner CLI. However, with other Scanners (such as those for Java, Gradle, .NET, etc.), there are some edge cases where dotfiles may not be considered.
Could you please let me know which Scanner you are using on your side? This information will help us assist you further.
Thanks
Alex
Thanks. This is an exciting new feature; I look forward to getting it working. I checked one of my projects using a GitHub workflow with SonarSource/sonarcloud-github-action.
It last ran on the 6th of June, for both a PR and a merge to main, and it has some mock secrets in the root folder in a .env.development file that should probably be flagged by this, but the .env.development file is absent from the Code tab in the project page SonarQube Cloud (fake link). As far as I understand, I am seeing the default behavior as expected before this release. It is quite likely that something is wrong in my config, but I have checked and I don’t seem to have explicit exclusions that could be causing this.
I am happy to share more info in a private conversation, just let me know.
Kind regards,
sam.
Let’s continue the discussion privately and I’ll share the conclusion of our investigations here once it’s over. I sent you a private message.