diff --git a/pkg/fanal/secret/scanner.go b/pkg/fanal/secret/scanner.go
index 9166c091794..021a5a31745 100644
--- a/pkg/fanal/secret/scanner.go
+++ b/pkg/fanal/secret/scanner.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"os"
 	"regexp"
+	"sort"
 	"strings"
 	"sync"
 
@@ -337,7 +338,7 @@ type Match struct {
 	Location Location
 }
 
-func (s Scanner) Scan(args ScanArgs) types.Secret {
+func (s *Scanner) Scan(args ScanArgs) types.Secret {
 	// Global allowed paths
 	if s.AllowPath(args.FilePath) {
 		return types.Secret{
@@ -401,6 +402,13 @@ func (s Scanner) Scan(args ScanArgs) types.Secret {
 		return types.Secret{}
 	}
 
+	sort.Slice(findings, func(i, j int) bool {
+		if findings[i].RuleID != findings[j].RuleID {
+			return findings[i].RuleID < findings[j].RuleID
+		}
+		return findings[i].Match < findings[j].Match
+	})
+
 	return types.Secret{
 		FilePath: args.FilePath,
 		Findings: findings,
diff --git a/pkg/fanal/secret/scanner_test.go b/pkg/fanal/secret/scanner_test.go
index 769e836d2bd..81de00e68c5 100644
--- a/pkg/fanal/secret/scanner_test.go
+++ b/pkg/fanal/secret/scanner_test.go
@@ -495,7 +495,7 @@ func TestSecretScanner(t *testing.T) {
 			inputFilePath: "testdata/aws-secrets.txt",
 			want: types.Secret{
 				FilePath: "testdata/aws-secrets.txt",
-				Findings: []types.SecretFinding{wantFinding5, wantFinding9, wantFinding10},
+				Findings: []types.SecretFinding{wantFinding5, wantFinding10, wantFinding9},
 			},
 		},
 		{