properties:
sonar.qualitygate.wait=true
sonar.text.inclusions.activate=true
sonar.text.inclusions=**/*.ts,**/*.sh,**/*.bash,**/*.zsh,**/*.ksh,**/*.ps1,**/*.properties, **/*.conf,**/*.pem,**/*.config,.env,.aws/config
project_files.zip (1.9 KB)
Hello @roma! Welcome to the community and thanks for your question.
Your properties are valid, the TypeScript files are indeed scanned for secrets. Note that even without these properties, we already scan most source code files, including TypeScript files.
However, there are multiple reasons that lead our analyzer not to raise issues on your examples.
1. Non-sensitive keys
All the “AIKA” keys are access keys. They can only be used with a secret key, and are not sensitive by themselves.
2. Fake-looking secrets
To reduce the noise, we do not raise issues on secrets that look “too fake” like this one you provided:
export const aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYFAKESECRETKEY";
3. Automatic test file detection
This secret you provided has a correct format and would usually be detected:
export const aws_secret_access_key = "kHeUAwnSUizTWpSbyGAz4f+As5LshPIjvtpswqGb";
However, it’s in a file called aws-test.ts. To avoid noise and false positives, when the sonar.tests property is not defined, the analyzer tries to automatically detect test files and does not scan them for secrets. You should see the following explanation in your scanner logs:
The property "sonar.tests" is not set. To improve the analysis accuracy,
we categorize a file as a test file if any of the following is true:
* The filename starts with "test"
* The filename contains "test." or "tests."
* Any directory in the file path is named: "doc", "docs", "test" or "tests"
* Any directory in the file path has a name ending in "test" or "tests"
If you set the sonar.tests property or if you remove “test” from your filename, you should see an issue!
Let me know if it works and if you have any other questions.
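To see which files in a repository the automatic test-file detection quoted above would exclude from secret scanning, the four logged rules can be approximated in a short script. This is an added example, not part of the original reply and not Sonar's code; it follows the literal wording of the log message and assumes case-insensitive matching and `/` or `\` separators, and every path except aws-test.ts is constructed.

```javascript
// Approximates the four rules printed in the scanner log when sonar.tests
// is not set. Assumption: matching is case-insensitive; the analyzer's
// real implementation may differ in details.
function testFileReason(filePath) {
  const parts = filePath.split(/[\\/]+/).filter(Boolean);
  const name = (parts.pop() || "").toLowerCase();
  const dirs = parts.map((d) => d.toLowerCase());

  if (name.startsWith("test")) return 'filename starts with "test"';
  if (name.includes("test.") || name.includes("tests.")) {
    return 'filename contains "test." or "tests."';
  }
  const named = dirs.find((d) => ["doc", "docs", "test", "tests"].includes(d));
  if (named) return `directory named "${named}"`;
  // Read literally, this rule also matches names such as "latest".
  const suffixed = dirs.find((d) => d.endsWith("test") || d.endsWith("tests"));
  if (suffixed) return `directory "${suffixed}" ends in "test" or "tests"`;
  return null; // not auto-classified as a test file
}

// Returns the paths that would be treated as tests, with the rule that matched.
function skippedForSecrets(paths) {
  return paths
    .map((p) => ({ path: p, reason: testFileReason(p) }))
    .filter((r) => r.reason !== null);
}

// Constructed sample paths (only aws-test.ts comes from the thread).
const samplePaths = [
  "src/aws-test.ts",
  "src/aws.ts",
  "src/testHelpers.ts",
  "docs/deploy.sh",
  "integrationtest/config.properties",
  ".env",
  "src/latest/keys.ts",
];

for (const { path, reason } of skippedForSecrets(samplePaths)) {
  console.log(`${path}: ${reason}`);
}
```

Any production file this reports is worth renaming or covering by an explicit sonar.tests setting, since a real credential in it would otherwise go unreported.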