SonarCloud Secrets Quality Profile

Hello,

We are trying to use the Secrets quality profile but we did not manage to use it. I was wondering if some configuration needs to be made:

We’re using
- Azure DevOps
- C# .NET project

In Project → Information we have C#, Docker and JSON as Quality Profiles Used, but we cannot trigger the Secrets quality profile. Can you please help with guidelines on using this quality profile?

Hi,

Welcome to the community!

Take a look at Administration → Languages → Secrets. Is Secrets analysis activated? Check the file path patterns. Do they include your files of interest?

HTH,
Ann

1 Like

Hi Ann,
Thank you for the warm welcome!
Yes, I activated the Secrets analysis, and I am not sure whether I need to set something additional in another place to use this quality profile, or whether I need to pass additional parameters before scanning.

Hi,

You activated it. Did you add your file extensions to the list of extensions secrets analysis should pay attention to? It’s on that same page, just scroll down.

Ann

1 Like

Yes, I created a branch based on the main branch with a file that has an extension from that list, and put some secrets in it to be scanned in order to trigger it, but I did not manage to do that.

Hi,

Thanks for that detail. I’ve flagged this for more expert eyes.

Ann

1 Like

Hi @Amelia_Gherdan

Thanks for reporting this issue. Here I quickly verified that detecting secrets is working:
https://sonarcloud.io/project/issues?resolved=false&sinceLeakPeriod=true&types=VULNERABILITY&id=mstachniuk_java-demo-1&open=AYwg1HP-654pILIRHTYX

I need more information to find the issue. Could you send me logs from your build, please? (It can be a private message).

Best
Marcin Stachniuk

Hi Marcin, thank you for your reply.
Can you please tell me where I can send a private message? E-mail?
Thank you

After a private conversation we determined the following facts:

  • the file containing a secret was: src/deploy.ps1
  • the secret didn’t implement any of the supported secrets

The answer:

  1. The secret didn’t match any of our supported secrets. There is a way to implement custom secrets, but it is only available in SonarQube Enterprise Edition (and higher).
  2. We don’t support PowerShell scripts, and by default secret detection is only executed on files that are analyzed by other analyzers. You can include *.ps1 and other files by setting the property sonar.text.inclusions, see: Secrets configuration.

Best
Marcin

2 Likes
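For readers arriving at the same question, here is an added Azure DevOps pipeline fragment showing where the sonar.text.inclusions property from Marcin's second point goes for a C# .NET project. It is an illustration written for this thread, not configuration from SonarSource or from the original poster; the service connection name, organization and project key are placeholders, and the build task is just a typical one.

```yaml
# Added example: Azure DevOps pipeline fragment for a .NET project analyzed
# with the SonarCloud tasks. 'MySonarCloudConnection', 'my-org' and
# 'my-project-key' are placeholder names, not values from the thread.
steps:
  - task: SonarCloudPrepare@1
    inputs:
      SonarCloud: 'MySonarCloudConnection'   # service connection (placeholder)
      organization: 'my-org'                 # placeholder
      scannerMode: 'MSBuild'                 # .NET projects use the MSBuild scanner
      projectKey: 'my-project-key'           # placeholder
      # Secret detection normally runs only on files another analyzer already
      # handles. PowerShell is not analyzed, so a script such as src/deploy.ps1
      # is skipped unless it is explicitly included (comma-separated globs).
      extraProperties: |
        sonar.text.inclusions=**/*.ps1

  - task: DotNetCoreCLI@2
    inputs:
      command: 'build'
      projects: '**/*.csproj'

  - task: SonarCloudAnalyze@1

  - task: SonarCloudPublish@1
    inputs:
      pollingTimeoutSec: '300'
```

With the MSBuild scanner the property is passed on the Prepare step through extraProperties rather than via a sonar-project.properties file. Including the file only makes it eligible for scanning; as Marcin's first point says, the content must still match one of the supported secret patterns, so an invented placeholder value in the script will not raise an issue.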
