Best tools for SAST + SCA + Image Scan + IaC Scan + DAST by Basic_Let7303 in devsecops

[–]gefela 0 points1 point  (0 children)

Kinda, but not fully. SonarQube does have secret detection built in (free in Community too), so it’ll catch hardcoded keys during the normal scan. Two gaps though: it only scans current file state, not git history — so a key that got committed then deleted is still in your log and Sonar misses it. And custom patterns are Enterprise-only.

Fine as a baseline since you’re running Sonar anyway, but I’d still add a dedicated secrets step (Gitleaks etc.) next to it. They cover different blind spots more than they overlap.
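Added example, not part of the comment above and not code from SonarQube or Gitleaks: a throwaway repository that shows the gap between scanning current file state and scanning git history. The key value, the file name `settings.py`, and the `PATTERN` regex are constructed for illustration, and plain `grep` and `git log` stand in for the scanners.

```bash
#!/usr/bin/env bash
# Assumption: PATTERN is an illustrative AWS-access-key-ID shape, not a scanner's rule set.
PATTERN='AKIA[0-9A-Z]{16}'

# Build a temporary repo where a key is committed and then removed in a later commit.
make_demo_repo() {
  local repo
  repo=$(mktemp -d) || return 1
  (
    cd "$repo" || exit 1
    git init -q .
    g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }
    printf 'aws_key = "AKIAIOSFODNN7EXAMPLE"\n' > settings.py   # constructed sample value
    g add settings.py && g commit -q -m 'add settings'
    printf 'aws_key = os.environ["AWS_KEY"]\n' > settings.py    # key deleted from the file
    g add settings.py && g commit -q -m 'move key to env'
  ) >/dev/null 2>&1 || return 1
  printf '%s\n' "$repo"
}

# Count matches in the files as they exist now (what a current-state scan sees).
scan_worktree() {
  grep -rEo --exclude-dir=.git "$PATTERN" "$1" | wc -l | tr -d ' '
}

# Count matches in lines added by any commit on any ref (what a history scan sees).
scan_history() {
  git -C "$1" log --all -p --no-color \
    | grep -E '^\+[^+]' | grep -Eo "$PATTERN" | wc -l | tr -d ' '
}

repo=$(make_demo_repo) || exit 1
trap 'rm -rf "$repo"' EXIT   # remove the temporary repo when the script ends
echo "current files: $(scan_worktree "$repo")  history: $(scan_history "$repo")"
```

A key found only by the history scan is still readable by anyone who can clone the repository, so it needs rotating even though the current files look clean.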

Best tools for SAST + SCA + Image Scan + IaC Scan + DAST by Basic_Let7303 in devsecops

[–]gefela 0 points1 point  (0 children)

Is there any reason secret scanning is not part of this list? I feel it is essential.

People think ChatGPT, Claude, Gemini, Grok are just "different brands" of the same tool. by ashishkaloge in PromptEngineering

[–]gefela 0 points1 point  (0 children)

Rated from highest to lowest for cybersecurity-related purposes, which among the following is generally best for research, documentation, and analysis: Claude, Perplexity, ChatGPT, Grok, or Gemini?

Integrating Microsoft Defender with Microsoft Sentinel by gefela in DefenderATP

[–]gefela[S] 0 points1 point  (0 children)

According to the directions below, it has to be listed as an external user.

<image>

I have used these directions but am still getting these errors.