False positives

Hi,

Amazon AWS Secret Access Key

we have comments like:

CommitHash: f768755e79a4b5860a1a98f6158071c5f52d68e9

Is there a simple trick to keep token-hunter from recognizing this as an Amazon AWS Secret Access Key? The only one I know of is reducing the length of the hash.

This can also be recognized in the jobs:

Checking out ba6d6180 as DEV/FOC-5916...
fatal: reference is not a tree: ba6d618083de70dc7adbf76175b1e491f3e4fb7a

ba6d618083de70dc7adbf76175b1e491f3e4fb7a is also a false-positive AWS Secret Access Key.

Password in URL

Another false positive is in "Password in URL".

Example:

Type: Password in URL, Secret: https://gitlab-ci-token:[MASKED]@rc-vmgitlab.myserver.com/grp/Frontend.g...

Another example:

Type: Password in URL, Secret: https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@RC-VMGITLAB.myserver.com/am...

Edited by Markus Stein
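One way to post-filter the two false-positive classes described in this report, as an added example written here and not token-hunter's own code: a 40-character lowercase-hex match is a git object id rather than an AWS secret (real keys use the wider base64-style alphabet, so hex-only is the tell), and a URL whose password is [MASKED] or a single repeated character is a redaction, not a credential. The sample findings list and the "deploy" URL are constructed; the mixed-case key value is the well-known example from AWS documentation, not a real key.

```python
import re

# Added example (not token-hunter's own code): suppress two false-positive
# classes from the report before alerting.

# A real AWS Secret Access Key is 40 chars from [A-Za-z0-9/+]; a git object id
# is 40 lowercase hex chars, a strict subset of that alphabet, which is why the
# AWS rule fires on CommitHash values and "reference is not a tree" log lines.
GIT_SHA1 = re.compile(r"^[0-9a-f]{40}$")

# userinfo part of a URL: scheme://user:password@host...  (parsed by hand so
# non-IPv6 bracket text such as "[MASKED]" does not trip urllib's checks)
URL_USERINFO = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://(?P<user>[^:/@\s]+):(?P<pw>[^@/\s]+)@")

# Passwords that are redaction markers or templates, not credentials.
PLACEHOLDER_PASSWORDS = {"[masked]", "***", "xxx", "redacted", "<password>", "${password}"}


def is_git_object_id(candidate: str) -> bool:
    """True if the 'AWS secret' is really a 40-hex-char git SHA-1."""
    return GIT_SHA1.match(candidate) is not None


def url_password_is_placeholder(url: str) -> bool:
    """True if the URL's password is a redaction/placeholder rather than a real value."""
    m = URL_USERINFO.match(url)
    if not m:
        return False  # no user:pass@ form; leave the original rule's verdict alone
    pw = m.group("pw")
    if pw.lower() in PLACEHOLDER_PASSWORDS:
        return True
    return len(set(pw)) == 1  # "xxxxxxxx" / "********": masking, not a secret


def triage(findings):
    """Split (rule, secret) findings into (kept, suppressed) lists with a reason."""
    kept, suppressed = [], []
    for rule, secret in findings:
        if rule == "Amazon AWS Secret Access Key" and is_git_object_id(secret):
            suppressed.append((rule, secret, "40-char lowercase hex: git object id"))
        elif rule == "Password in URL" and url_password_is_placeholder(secret):
            suppressed.append((rule, secret, "password is a redaction placeholder"))
        else:
            kept.append((rule, secret, ""))
    return kept, suppressed


# Constructed sample findings: the values quoted in the report, the AWS docs
# example key (public, not a real credential) and a constructed deploy URL.
SAMPLE_FINDINGS = [
    ("Amazon AWS Secret Access Key", "f768755e79a4b5860a1a98f6158071c5f52d68e9"),
    ("Amazon AWS Secret Access Key", "ba6d618083de70dc7adbf76175b1e491f3e4fb7a"),
    ("Amazon AWS Secret Access Key", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"),
    ("Password in URL", "https://gitlab-ci-token:[MASKED]@rc-vmgitlab.myserver.com/grp/Frontend.g..."),
    ("Password in URL", "https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@RC-VMGITLAB.myserver.com/am..."),
    ("Password in URL", "https://deploy:Hunter2-example@rc-vmgitlab.myserver.com/grp/app.git"),
]

if __name__ == "__main__":
    for rule, secret, reason in triage(SAMPLE_FINDINGS)[1]:
        print(f"suppressed [{rule}] {secret[:24]}... ({reason})")
```

Running the block suppresses the two commit hashes and the two masked CI-token URLs and leaves the AWS example key and the deploy URL as findings.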