Scanning configuration files

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Enterprise Edition Version 9.6 (build 59041)
  • what are you trying to achieve
    Scan config files part of the application, as developers te4nd to store sensitive data in plain text on config files
  • what have you tried so far to achieve this
    Config files are not getting scanned. Need confirmation whether config files are supported.


Welcome to the community!

Your plain text files are being scanned, but probably only for bidirectional characters.

Can you share what file extensions you’re interested in, and what patterns (e.g. key=value) you expect to be analyzed?


We are looking to scan .config files.
Patterns are,

  • Password=value
  • Key=value
  • key=“name” value=“value”


Thanks for the details. I’m going to ping internally on this (but I wouldn’t hold my breath if I were you).