I have SonarCloud setup to run against a test ASP.NET MVC application. I have intentionally added a hard-coded password to see if the scan would pick it up.
It caught a couple of code smells in the Program.cs file (and one bug in the project), but it didn’t catch that error. It also didn’t show that it skipped that line either (though there were a couple of other lines that were skipped by the scan.)
I initially put in the property group to set the web project:
< SonarQubeTestProject>false< /SonarQubeTestProject>
…but that didn’t seem to fix the issue.
When I removed all references to “Test” from the solution and project names that fixed the issue and it caught the hard-coded password.