Sonar Debuts Secrets Detection for Mitigating Sensitive Information Leaks

Sonar, the Clean Code solution, is launching a new capability that enables enterprises to uncover malicious “secrets” harbored in source code, eliminate their leakage, and reduce unauthorized access risk. Dubbed Secrets Detection, Sonar’s code security capability will be integrated with SonarLint, SonarQube, and SonarCloud.

Secrets most often consist of passwords, API keys, encryption keys, tokens, database credentials, and other sensitive information held by an organization. If leaked, these secrets can cause major operational and reputational damage to a brand.

Beyond these weighty consequences, many secrets detection tools available on the market today only surface secrets after the leak has already occurred, according to Sonar.

Secrets Detection by Sonar addresses this technological gap, enabling enterprises to detect secrets in code before they become a major threat. With SonarLint, this capability can also detect secrets in the IDE, preventing them from reaching the SCM and eliminating the need for remediation.

“Secrets leakage in code is both a risk and a pain, and despite repeated issues, it continues to happen, due to a lack of awareness and attention,” said Olivier Gaudin, founder and co-CEO of Sonar. “Being able to detect secrets with Sonar is great, as it enables organizations to reduce their risk exposure. Additionally, having the ability to detect them in the IDE is a game changer because it avoids the pain of remediating through a rotation of the secret.”

On top of Sonar’s Secrets Detection, the company also offers developer education on secrets’ existence and impact, leveraging Sonar’s Clean as You Code (CaYC) methodology and Learn as You Code approach. This furthers Sonar's mission to enable developers to create clean code that is maintainable, reliable, and secure, according to the company.

To learn more about Secrets Detection, please visit