GENEVA – December 14, 2023 – Sonar, the leading Clean Code solution provider, today announced its new Secrets Detection capability for SonarLint, SonarQube, and SonarCloud. With Sonar’s new capability, organizations can detect secrets that are accidentally or maliciously stored in source code, eliminate leakage of these secrets, and reduce the security risk of illicit or unsanctioned access to private data. Secrets detection for publicly known secrets is available in all Sonar products, SonarQube Enterprise Edition 10.3 and above customers are able to create their own custom secret pattern detection rules.
The most common “secrets” that reside in code include passwords, API keys, encryption keys, tokens, database credentials, and other private information to a company that, if leaked, compromise their security. Secrets that creep into code, like credentials, regularly make news headlines – with the number of exposures increasing due to human error.
Most detection tools available today focus exclusively on finding secrets in code repositories, when the leakage has already happened, requiring painful remediation by rotating. On top of the standard capability, SonarLint also enables the detection of secrets in the IDE, preventing the secret from leaking so it never reaches the SCM, and therefore avoiding the need for remediation. By shifting left, Sonar prevents the leakage in the first place, drastically reducing risk and remediation efforts.
“Secrets leakage in code is both a risk and a pain, and despite repeated issues, it continues to happen, due to a lack of awareness and attention,” said Olivier Gaudin, founder and co-CEO of Sonar. “Being able to detect secrets with Sonar is great, as it enables organizations to reduce their risk exposure. Additionally, having the ability to detect them in the IDE is a game changer because it avoids the pain of remediating through a rotation of the secret.”
Sonar also educates developers on secrets existence and impact through the pairing of its Clean as You Code (CaYC) methodology and Learn as You Code approach, helping to improve developer delivery of Clean Code — code that produces maintainable, reliable, and secure software. Specifically with Learn as You Code, each Secrets Detection rule provides why the found code segment is an issue along with the impact details of why the secret poses a security risk. Learn as You Code, with CaYC, enables organizations to achieve and sustain continuous Clean Code.
Sonar equips organizations to achieve and sustain a Clean Code state by empowering developers to write consistent, intentional, adaptable, and responsible code. Clean Code produces software that is maintainable, reliable, and secure, allowing development teams to spend less time fixing issues and more time innovating. With Sonar, and by employing the company’s Clean as You Code methodology, organizations minimize risk, reduce technical debt, increase productivity, and derive more value from their software in a predictable and sustainable way.
Sonar’s open source and commercial products – SonarLint, SonarCloud, and SonarQube – support over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 500,000 organizations and used by more than 7 million developers globally to clean more than half a trillion lines of code, Sonar is integral to delivering better software.
To learn more about Sonar, please visit https://www.sonarsource.com/company/about/.
Senior PR Manager for Sonar