1 views collected around this technical thread.
This article explains how to integrate the captainhook/secrets library via Composer to automatically scan PHP codebases for passwords, API keys, and other secrets, offering predefined suppliers, custom regexes, and whitelist support for secure CI/CD pipelines.
This article explains how to automatically detect and block accidental commits of sensitive data such as database passwords or API keys in a PHP project by integrating the captainhook/secrets library via Composer, covering installation, predefined suppliers, custom regex, whitelist usage, and the benefits of CI/CD integration.
This article explains how to integrate the SonarQube Sonar Secrets plugin into a CI/CD pipeline to provide early security feedback, detect hard‑coded credentials, build and install the plugin, configure SonarQube, and enable secret scanning for Java and JavaScript projects.
This article explains how Skyscanner integrated the Sonar Secrets plugin into their CI/CD pipeline to automatically detect hard‑coded secrets such as passwords, API tokens, and AWS credentials, covering setup, build commands, installation steps, and enabling the rules in SonarQube quality profiles.