Secrets are not getting Discovered by Sonarcloud

Lukasz1 · May 7, 2025, 7:56am

Hello Guys,

We are setting up Sonarcloud for our client which has currently Legacy Pricing tier. We want to discover secrets every time it is committed to the repository. We have enabled all quality rules to discover secrets that are committed to the repository. Sadly once they are committed they are not getting discovered. For example we have committed Databricks PAT token into the repo and Sonarcloud haven’t picked it up. All quality rules are enabled and linked to the the repository. Could it be that Sonarcloud is not discovering it due to Legacy Pricing tier?

Thanks guys for any answers

Colin · May 8, 2025, 8:30am

Hey @Lukasz1

Nothing about pricing should get in the way.

What kind of file is the secret in? (file extension)? Can you provide an example (obfuscating the token, or at least making sure it is revoked)

Topic		Replies	Views
Secret detection not finding problems on Dockerfile SonarQube Server / Community Build secrets	3	15	April 3, 2025
API key/tokens in Sonarcloud SonarQube Cloud tokens , sonarqube-cloud	5	2310	March 10, 2021
Unable to enable secrets in the community edition SonarQube Server / Community Build	5	45	January 13, 2025
Does SonarQube or SonarCloud support scanning secrets (passwords, tokens, certificates, etc)? SonarQube Server / Community Build sonarqube , sonarqube-cloud	8	12659	April 29, 2020
Secrets quality profile is not getting picked by sonarqube analysis Report False-positive / False-negative... sonarqube , secrets	4	39	March 18, 2025

Secrets are not getting Discovered by Sonarcloud

Related topics