Image showing secrets detection

Press Release

Sonar Announces Secrets Detection

New feature in SonarQube for IDE, SonarQube Server, and SonarQube Cloud allows developers to detect leaked secrets at multiple points in the code development process – in the IDE, throughout code repositories, and across the CI/CD lifecycle

GENEVA – December 14, 2023 – Sonar, the leading Clean Code solution provider, today announced its new Secrets Detection capability for SonarQube for IDE, SonarQube Server, and SonarQube Cloud. With Sonar’s new capability, organizations can detect secrets that are accidentally or maliciously stored in source code, eliminate leakage of these secrets, and reduce the security risk of illicit or unsanctioned access to private data. Secrets detection for publicly known secrets is available in all Sonar products, SonarQube Server Enterprise Edition 10.3 and above customers are able to create their own custom secret pattern detection rules


The most common “secrets” that reside in code include passwords, API keys, encryption keys, tokens, database credentials, and other private information to a company that, if leaked, compromise their security. Secrets that creep into code, like credentials, regularly make news headlines – with the number of exposures increasing due to human error. 


Most detection tools available today focus exclusively on finding secrets in code repositories, when the leakage has already happened, requiring painful remediation by rotating. On top of the standard capability, SonarQube for IDE also enables the detection of secrets in the IDE, preventing the secret from leaking so it never reaches the SCM, and therefore avoiding the need for remediation. By shifting left, Sonar prevents the leakage in the first place, drastically reducing risk and remediation efforts. 


“Secrets leakage in code is both a risk and a pain, and despite repeated issues, it continues to happen, due to a lack of awareness and attention,” said Olivier Gaudin, founder and co-CEO of Sonar. “Being able to detect secrets with Sonar is great, as it enables organizations to reduce their risk exposure. Additionally, having the ability to detect them in the IDE is a game changer because it avoids the pain of remediating through a rotation of the secret.”


Sonar also educates developers on secrets existence and impact through the pairing of its Clean as You Code (CaYC) methodology and Learn as You Code approach, helping to improve developer delivery of Clean Code — code that produces maintainable, reliable, and secure software. Specifically with Learn as You Code, each Secrets Detection rule provides why the found code segment is an issue along with the impact details of why the secret poses a security risk. Learn as You Code, with CaYC, enables organizations to achieve and sustain continuous Clean Code.


To learn more about Sonar Secrets Detection, go here. For additional information on the release of SonarQube Server 10.3, view the product page here


About Sonar   


Sonar equips organizations to achieve and sustain a Clean Code state by empowering developers to write consistent, intentional, adaptable, and responsible code. Clean Code produces software that is maintainable, reliable, and secure, allowing development teams to spend less time fixing issues and more time innovating. With Sonar, and by employing the company’s Clean as You Code methodology, organizations minimize risk, reduce technical debt, increase productivity, and derive more value from their software in a predictable and sustainable way.


Sonar’s open source and commercial products – SonarQube for IDE, SonarQube Cloud, and SonarQube Server – support over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 500,000 organizations and used by more than 7 million developers globally to clean more than half a trillion lines of code, Sonar is integral to delivering better software. 


To learn more about Sonar, please visit https://www.sonarsource.com/company/about/.


Media Contact  


Katie Hyman


Senior PR Manager for Sonar  


(707) 291-1469


katie.hyman@sonarsource.com

is your source code clean of secrets?

Explore Secrets
  • Legal documentation
  • Trust center
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.