Hi,
I was thinking secrets detection might have different capabilities in SonarQube Cloud depending on your plan, but it looks like I was wrong.
I think what’s going on here is that we scan “dotfiles” for secrets, not the .env file extension.
Explicitly, if these files were .localenv and .remoteenv instead of local.env and remote.env, they would be scanned. As it is, I think they’re not recognized. I’m going to flag this for the developers.
Ann