False Positive for Atlassian API Token in a binary file #127297
Unanswered
jesseditson asked this question in Code Security
Hey @jesseditson, we're not able to see the secret scanning alert for privacy/security reasons. If you're comfortable, and confident it is a false positive, could you share the value here?
Topic Area: Bug
Hey there! I have a template repo that includes some binary files for compiling/running the code in the repo. This template repo will be cloned quite a lot, and every time I clone it I get a false positive. This will freak out my users so it'd be nice to get either the template repo excluded from this check or otherwise create a solution for skipping binary-like files. We could try denylisting this specific token but I'm concerned that when I update the binary in the template repo, it'll trigger this check again with a different but similar sequence, which is common in these binaries.
If it helps, these binaries are generated by cargo.
Example:
https://github.com/jesseditson/rigsketball-signup/security/secret-scanning/1