I was checking SonarQube Community Edition 25.3.0 on macOS x86_64 and found that secret detection does not work. Can someone please clarify if secret detection is available in Community Edition? If not, could someone guide me on which edition I would need to access this feature? I have properly enabled the quality profile for my project, but sonar-scanner still does not detect these vulnerabilities. If we define sensitive content inside ini files, it only detects it as part of the Python code. I want to understand: can it detect secret content in other file types like ini, pem, property files, etc.?
It seems SonarQube CE does not natively support secret detection in non-code files like ini, config, pem, or property files. It can detect hardcoded sensitive strings (e.g., PASSWORD, API_KEY) in code files for certain languages, but this is limited to specific patterns and language-specific rules. After reviewing SonarQube's documentation, it appears that custom patterns/sensitive data detection in text-based configuration files might not be supported in the SonarQube Community Edition. I have posted the question in the Sonar community as well.
```ini
[dev]
password = test
username = test
```
It detects the secrets in the Python code below but not in the config file above:
```python
import os

API_KEY = "test"


def aws_connect():
    # Hardcoded credentials, kept exactly as posted: these are the literals sonar-scanner flags
    password = "test"
    db_password = "test@12"
    github_token = "test"
    aws_access_key = "AKIASSEXAMPLEHHHH123LLL"
    aws_secret_key = "whhaKajjLajjKKjajj"
    print("Aws details", aws_access_key)
    return aws_access_key, aws_secret_key


DB_PASS = "test"
SECRET_TOKEN = "SG"
CONFIG = "OCI"


def get_token():
    config_value = "test123"
    return config_value


if __name__ == "__main__":
    aws_connect()
    print("DB_PASS", DB_PASS)
```
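As an added illustration of the gap described above (not code from the original post or from SonarSource), a small Python checker that applies secret-style rules to ini/.properties text directly, so the `[dev]` block that sonar-scanner skipped can still be caught in CI. The rule set, the `Finding` type and the sample lines beyond the posted `[dev]` block are my own constructions; the AWS key used in the sample is the well-known AWS documentation placeholder, not a real credential.

```python
import re
import sys
from dataclasses import dataclass

# Key names that commonly carry credentials in ini / .properties / .env files.
SENSITIVE_KEY = re.compile(
    r"(password|passwd|pwd|secret|token|api[_-]?key|access[_-]?key|private[_-]?key)", re.I)
# Value-shaped rules: AWS access key IDs and PEM private-key headers.
VALUE_RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("pem-private-key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
]
# Values that are clearly templated or placeholders; these are not reported.
PLACEHOLDER = re.compile(r"^(changeme|\$\{.*\}|%\(.*\)s|<.*>)$", re.I)


@dataclass
class Finding:
    file: str
    line: int
    rule: str
    key: str


def scan_config_text(text: str, filename: str) -> list:
    """Return Findings for credential-looking entries in ini/properties-style text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue  # blank line, comment, or [section] header
        key = line.split("=", 1)[0].strip()
        for rule, pat in VALUE_RULES:      # value rules fire regardless of key name
            if pat.search(line):
                findings.append(Finding(filename, lineno, rule, key))
        sep = "=" if "=" in line else (":" if ":" in line else None)
        if sep is None:
            continue
        key, value = (part.strip() for part in line.split(sep, 1))
        if SENSITIVE_KEY.search(key) and value and not PLACEHOLDER.match(value):
            findings.append(Finding(filename, lineno, "sensitive-key-with-literal", key))
    return findings


# Constructed sample: the posted [dev] block plus two extra lines for the other rules.
SAMPLE = "[dev]\npassword = test\nusername = test\n; constructed additions\n" \
         "db_password = ${DB_PASSWORD}\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"

if __name__ == "__main__":
    for f in scan_config_text(SAMPLE, "dev.ini"):
        print(f"{f.file}:{f.line} {f.rule} key={f.key}")
```

Pointing the `__main__` loop at real files (e.g. `sys.argv[1:]`) turns this into a CI gate that fails the build on any finding, which is the role SonarQube CE is not filling for these file types.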