I am using sonarqube enterprise edition version 9.9.2(build 77730)
I have noticed that when performing scans on a Java project in SonarQube, the resource folder’s properties files are not scanned at all. I would like to scan these properties files to check if they contain any credentials. Could you please let me know how this can be achieved?
Hi,
Welcome to the community!
Your best bet is to upgrade to the latest version, which includes analysis of all files for secrets.
HTH,
Ann
Thank you for your response.
I have completed the upgrade, but the properties files in the Java project are still not being analyzed. Even after adding the src/main/resources folder path to sonar.text.inclusions, the analysis is not performed. Could you help me identify what the issue might be?
Hi,
Can you share your analysis properties, and your analysis log?
The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.
This guide will help you find them.
Thx,
Ann