SonarLint for Visual Studio: v6.4 - Detection of cloud provider secrets

Hello Visual Studio users,

If you already developed code interacting with cloud services, you know that secrets (like tokens, API tokens, etc) are typically needed to access them. And you also know that if such secrets are added to your code and committed into a public repository, then it is very easy for a malicious user to get access to those cloud services using your credentials.

In order to help you prevent any leak of such secrets, we’ve just released a new feature in SonarLint for Visual Studio to detect them as soon as you’re introducing them in the code.

We are currently able to detect secrets for the following cloud services:

  • Amazon Web Services
  • Google Cloud
  • Microsoft Azure Cloud
  • IBM Cloud
  • Alibaba Cloud

We’re also considering extending the range of secrets we can detect, if you are interested to learn more you can visit our roadmap page.

1 Like