Sonarcloud doesn't scan config files

  • On integrating Sonarcloud with our Azure pipelines, it isn’t scanning the config files such as .config/.ini files present in our repositories.
    We are trying to look for passwords/secrets present in the config files.
    We tried using sonar.inclusions to include those config files, but still, we don’t see them scanned.
  • We are using the CLI scanner
  • Commonly used language is python.

Hi @Iyswaryha and welcome to the community !

Unfortunately, there is no current support for this kind of file currently.

Out of curiosity, is it a file tied to your Python project, or this is something generic ?


Thank you for the response,
Yes, it is basically kind of properties files from where the passwords/secrets are fetched and used to connect to the corresponding resources.

Is there is any plan for this config files scan in future timeline?