I use Sonarqube version developer edition v10.5 1 to scan the source code. However, I notice that the .env file is not analyzed. Does sonarqube no longer support scanning .env files?
Hey there.
We don’t currently analyze dot-prefixed files.
1 Like
Thank you for answer.
Can you tell me the reason for not analyzing dot-prefixed files?
It’s ultimately a decision made nearly 14 years ago (SONAR-1467), so I probably can’t get down to an exact “why” – but at least back then, it was rare for hidden files to be code that you cared about.
However, I don’t think it’s safe for us to assume we should now analyze all hidden files, so we have to figure out the right solution.
1 Like
Thank you for answer.