- On integrating Sonarcloud with our Azure pipelines, it isn’t scanning the config files such as .config/.ini files present in our repositories.
We are trying to look for passwords/secrets present in the config files.
We tried using sonar.inclusions to include those config files, but still, we don’t see them scanned.
- We are using the CLI scanner
- Commonly used language is python.
Hi @Iyswaryha and welcome to the community !
Unfortunately, there is no current support for this kind of file currently.
Out of curiosity, is it a file tied to your Python project, or this is something generic ?
Thank you for the response,
Yes, it is basically kind of properties files from where the passwords/secrets are fetched and used to connect to the corresponding resources.
Is there is any plan for this config files scan in future timeline?