Hi all,
It turns out we’ve been slowly rolling out a new analyzer that scans JSON and YAML for secrets. It’s quite possible it was turned on for your orgs recently. Would you mind posting your Org IDs so we can dig into the data on our side? ?
@groogiam you would see the footprint of this scanner in your analysis logs. (@dougiewright, you obviously don’t have access to your analysis logs.)
You can disable this in the project Administration → General Settings → Languages → JSON → Activate JSON file analysis. And the same for YAML.
Sorry for the confusion. It’s on my list to get a reliable way to look up recent changes to SonarQube Cloud. 
Ann