GENEVA – December 14, 2023 – Sonar, the leading Clean Code solution provider, today announced its new Secrets Detection capability for SonarQube for IDE, SonarQube Server, and SonarQube Cloud. With Sonar’s new capability, organizations can detect secrets that are accidentally or maliciously stored in source code, eliminate leakage of these secrets, and reduce the security risk of illicit or unsanctioned access to private data. Detection of publicly known secret formats is available in all Sonar products; customers on SonarQube Server Enterprise Edition 10.3 and above can additionally create their own custom secret pattern detection rules.
The most common “secrets” found in code include passwords, API keys, encryption keys, tokens, database credentials, and other information private to a company that, if leaked, compromises its security. Secrets that creep into code, such as credentials, regularly make news headlines, and the number of exposures keeps increasing because of human error.
Most detection tools available today focus exclusively on finding secrets in code repositories, after the leakage has already happened, requiring painful remediation by rotating the secret. On top of the standard capability, SonarQube for IDE also detects secrets in the IDE, preventing the secret from leaking so it never reaches the SCM and therefore avoiding the need for remediation. By shifting left, Sonar prevents the leakage in the first place, drastically reducing risk and remediation effort.
“Secrets leakage in code is both a risk and a pain, and despite repeated issues, it continues to happen, due to a lack of awareness and attention,” said Olivier Gaudin, founder and co-CEO of Sonar. “Being able to detect secrets with Sonar is great, as it enables organizations to reduce their risk exposure. Additionally, having the ability to detect them in the IDE is a game changer because it avoids the pain of remediating through a rotation of the secret.”
Sonar also educates developers on the existence and impact of secrets through the pairing of its Clean as You Code (CaYC) methodology and Learn as You Code approach, helping developers deliver Clean Code — code that produces maintainable, reliable, and secure software. Specifically, with Learn as You Code, each Secrets Detection rule explains why the flagged code segment is an issue and details the security impact of exposing that secret. Learn as You Code, together with CaYC, enables organizations to achieve and sustain continuous Clean Code.
To learn more about Sonar Secrets Detection, go here. For additional information on the release of SonarQube Server 10.3, view the product page here.
About Sonar
Sonar is the trust and verification layer for AI code, and the industry standard for automated code review for 17+ years. Integrating code quality and code security into a single platform, Sonar delivers deterministic, repeatable, and actionable code verification at scale, analyzing over 750 billion lines of code daily to ensure software is secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at Microsoft, Adobe, Deutsche Bank, AstraZeneca, and Ford Motor Company.
To learn more about Sonar, please visit https://www.sonarsource.com/
