After downloading several projects into Sonarcloud from GitHub, I received a HIGH security issue titled Revoke and change this password, as it is compromised. The java code is from src/main/resources/application.properties file and it shows user ID and password in clear text.
Does anyone know if this is a mere suggestion not to use clear credentials in the code (as I understand why) or does Sonarcloud actually runs credentials against dark web sources?