diff --git a/pkg/fanal/secret/scanner.go b/pkg/fanal/secret/scanner.go
index 9166c0917943..ca7c8869b61a 100644
--- a/pkg/fanal/secret/scanner.go
+++ b/pkg/fanal/secret/scanner.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"os"
 	"regexp"
+	"sort"
 	"strings"
 	"sync"
 
@@ -337,7 +338,7 @@ type Match struct {
 	Location Location
 }
 
-func (s Scanner) Scan(args ScanArgs) types.Secret {
+func (s *Scanner) Scan(args ScanArgs) types.Secret {
 	// Global allowed paths
 	if s.AllowPath(args.FilePath) {
 		return types.Secret{
@@ -401,6 +402,13 @@ func (s Scanner) Scan(args ScanArgs) types.Secret {
 		return types.Secret{}
 	}
 
+	sort.Slice(findings, func(i, j int) bool {
+		if findings[i].RuleID != findings[j].RuleID {
+			return findings[i].RuleID != findings[j].RuleID
+		}
+		return findings[i].Match < findings[j].Match
+	})
+
 	return types.Secret{
 		FilePath: args.FilePath,
 		Findings: findings,