KevinHock
There is the very rare valid secret in the form of `foo bar HIGH-ENTROPY` or just `HIGH-ENTROPY` etc. where there are no quotes. We [currently require...
Auditing can be quite tedious on large repos, especially since we still have issues like high-entropy alerting off every line in between `begin private key` and `end key`. This should...
We output the same thing over and over again, e.g. for one repo, running `pre-commit run detect-secrets --all-files` outputs:
```
Detect secrets...........................................................Failed
hookid: detect-secrets
Files were modified by this hook....
```
Two-liner to fix, changing https://github.com/Yelp/detect-secrets/blob/cd8b3999e141ed4faec75e5db087df0db2339f58/detect_secrets/plugins/keyword.py#L229-L230 to be `FOLLOWED_BY_COLON_QUOTES_REQUIRED_REGEX: 5, FOLLOWED_BY_EQUAL_SIGNS_QUOTES_REQUIRED_REGEX: 4,` I think. From https://blog.golang.org/strings I think this is fine. Probably `.kt` files too.
e.g. https://github.com/adsr/irslackd/wiki/IRC-Client-Config#xoxc-tokens are a thing.
tags: `false-negative`
location: https://github.com/Yelp/detect-secrets/blob/master/detect_secrets/plugins/slack.py#L17-L18, should be adding like 2 chars here
It is one of the rarely specific kinds of secrets where we should ensure length and stuff of the captured group, so that e.g. `foo` or `bar` are not captured...
`--no-line-numbers` (in baseline), `--no-generated-at` (in baseline) and "Make pre-commit hook only look at the git diff" options are all possible ideas.