GitHub Community
Feedback to credential detection in user secrets scanning #112635
-
Select Topic AreaProduct Feedback BodyThis screenshot shows a false positive, where the pattern is a bit too eager it seems. Maybe you can require blank or quotes before the string, but not dot (but even then the risks of missdetection is high). Funny enough the screenshot also shows a „real“ secret - which was not detected.
|
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
Hey @ecki, Sorry for the late reply. Thanks for sharing this. It is indeed a false-positive, and a mistake we made when we started releasing a handful of features dedicated for open-source repositories (such as push protection + secret scanning for all). We're working on a fix to just go ahead and delete these false-positives altogether. Sorry about the spam! 😢 |
Beta Was this translation helpful? Give feedback.
Hey @ecki,
Sorry for the late reply. Thanks for sharing this. It is indeed a false-positive, and a mistake we made when we started releasing a handful of features dedicated for open-source repositories (such as push protection + secret scanning for all).
We're working on a fix to just go ahead and delete these false-positives altogether.
Sorry about the spam! 😢
Aakash