Code scanning alerts reveal secrets
Closed this issue · 2 comments
scherersebastian commented
Unfortunately the findings in the code scanning alerts contain the secrets themselves - is that intentional?
Example: https://github.com/the-tatanka/github-action-gitleaks/security/code-scanning
Would be good for security reasons that the secrets would not be shown here too.
Maybe a "redact" flag would be good here as well.
Great action, also good that the Azure secrets are included.
DariuszPorowski commented
Hello @the-tatanka I do not have access to the provided repo for investigating the issue.
redact is enabled by default, but it only works for the gitleaks output log.
scherersebastian commented
ok, thanks for the answer and the action.
Redact option for gitleaks output works as expected.
Looks like GitHub displays the matching code snippet.
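The thread's conclusion is that gitleaks' own `--redact` only masks the console log, while the SARIF report uploaded to code scanning still carries the matched value, and GitHub renders that value in the alert. An added example (not part of this issue, the action, or gitleaks itself) of a post-processing step that masks the secret in the SARIF file before it is uploaded. It assumes the standard SARIF layout in which each result has `message.text` and one or more `locations[].physicalLocation.region.snippet.text`, and it assumes the matched value is what appears in the snippet; the sample report and the key value in it are constructed for the example:

```python
"""Mask matched secret values in a gitleaks-style SARIF report before upload.

Added example; assumes the SARIF result layout described in the lead-in
(message.text plus region.snippet.text per location).
"""
import copy
import hashlib
import json
from typing import Dict, Set

REDACTED = "REDACTED"


def mask_value(secret: str) -> str:
    """Stable placeholder for a secret: same value -> same tag, so two alerts
    for the same credential stay correlatable without exposing it."""
    digest = hashlib.sha256(secret.encode("utf-8")).hexdigest()[:8]
    return f"{REDACTED}(sha256:{digest})"


def matched_values(report: Dict) -> Set[str]:
    """Collect every snippet text a result would show in an alert."""
    found: Set[str] = set()
    for run in report.get("runs", []):
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                region = loc.get("physicalLocation", {}).get("region", {})
                text = region.get("snippet", {}).get("text")
                if text:
                    found.add(text)
    return found


def redact_sarif(report: Dict) -> Dict:
    """Return a copy of the report with snippet texts masked and the same
    values scrubbed from message.text. The input is not modified."""
    out = copy.deepcopy(report)
    for run in out.get("runs", []):
        for result in run.get("results", []):
            secrets = []
            for loc in result.get("locations", []):
                region = loc.get("physicalLocation", {}).get("region", {})
                snippet = region.get("snippet", {})
                text = snippet.get("text")
                if text:
                    secrets.append(text)
                    snippet["text"] = mask_value(text)
            message = result.get("message", {})
            if isinstance(message.get("text"), str):
                # Longest first, so a value that contains another is masked whole.
                for s in sorted(secrets, key=len, reverse=True):
                    message["text"] = message["text"].replace(s, mask_value(s))
    return out


# Constructed sample report; the key value is a made-up placeholder, not a real credential.
SAMPLE_SECRET = "AKIAEXAMPLE0000000000"
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "gitleaks"}},
        "results": [{
            "ruleId": "aws-access-key",
            "message": {"text": f"aws-access-key has detected secret {SAMPLE_SECRET} in config.env"},
            "locations": [{
                "physicalLocation": {
                    "artifactLocation": {"uri": "config.env"},
                    "region": {"startLine": 3, "startColumn": 12,
                               "snippet": {"text": SAMPLE_SECRET}},
                }
            }],
        }],
    }],
}


def report_is_clean(report: Dict, values: Set[str]) -> bool:
    """True when none of the given values appear anywhere in the serialized report."""
    blob = json.dumps(report)
    return not any(v in blob for v in values)


if __name__ == "__main__":
    values = matched_values(SAMPLE_SARIF)
    clean = redact_sarif(SAMPLE_SARIF)
    print(json.dumps(clean, indent=2))
    print("clean:", report_is_clean(clean, values))
```

Run it over `gitleaks.sarif` between the scan step and the upload step of the workflow. Two caveats: if code scanning renders the region from the repository contents rather than from the SARIF snippet, the value is still visible in the alert view, and the SARIF scrub only protects the report itself; and in either case a credential that reached an alert has already been committed, so rotating it and removing it from history is the fix that matters, with the redaction only limiting how widely it is displayed.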