Using Sonarqube community edition 10.7. Upgraded from 9.9 LTA using a zip file.
As per the sonarqube docs, : Secrets
one can enable secret scanning in the community edition by doing this:
Discover and update the secret-specific parameters in Administration > Configuration > General Settings > Languages > Secrets
However in my case, i don’t find this section called Secrets. I just see a drop down with the languages.
How can i enable secret scanning ?
Yes it is enabled by default looks like but sonarqube isn’t able to detect secrets in my code. I noticed that there was something called inclusions and .java files were not there. Can i include something like **/. in the inclusion files? Also, do i have to include any quality rules specifically into my quality profile?
Java files should be analyzed by default.
Do you have an example (modified of course, to not reveal an actual secret) of a secret not being detected?
