Security Alert False Positives - Readme examples
Security alert false positives.
Steps to reproduce
semantic-delivery-gitlab repository and enabling the security dashboard feature (the repository is already set up to use the common configuration provided by my gitlab-config package for conducting security audits).
Please see above.
What is the current bug behavior?
The Security Dashboard reports a Critical alert for a benign README example.
What is the expected correct behavior?
The Security Dashboard, and scanning tools, should not trigger for benign README examples.
Relevant logs and/or screenshots
Navigate to the Security Dashboard and see vulnerability reports such as:
That report is for the following:
const cacheableRequest = new CacheableRequest(http.request, 'redis://user:pass@localhost:6379');
Available in the cacheable-request readme - https://github.com/lukechilds/cacheable-request/blame/645e9717aa947414cd332fc36912b7cae82ee910/README.md#L69
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
Results of GitLab application Check
Likely this regular expression here - https://github.com/dxa4481/truffleHogRegexes/blob/d94336ef7e226b98cf2aeadfab659a0081b3508f/truffleHogRegexes/regexes.json#L19
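As an added example (not code from this issue, from GitLab, or from truffleHog), the following Python script shows why a "password in URL" style pattern fires on the README line quoted above and how a scanner can triage such hits by downgrading documentation placeholders instead of dropping the pattern. The regex, the placeholder and host allowlists, and every sample line other than the quoted README one are constructed assumptions; the pattern is written in the spirit of the truffleHog entry linked above, not copied from it.

```python
import re

# Constructed "password in URL" detector (assumption: written here for illustration,
# not the truffleHogRegexes pattern verbatim). Named groups let the triage step
# look at the user, password and host separately.
PASSWORD_IN_URL = re.compile(
    r"(?P<scheme>[a-zA-Z][a-zA-Z0-9+.-]{1,9})://"
    r"(?P<user>[^/\s:@]{3,20}):(?P<password>[^/\s:@]{3,20})@"
    r"(?P<host>[^/\s:@'\"]{1,100})"
)

# Assumed allowlists for triage: credentials that are obviously documentation
# placeholders, and hosts that cannot be a real deployment target.
PLACEHOLDER_CREDENTIALS = {
    "user", "pass", "password", "username", "secret", "token", "changeme", "example",
}
DOC_HOSTS = {"localhost", "127.0.0.1", "::1", "example.com"}

# Constructed sample input. The first line is the README example quoted in the
# issue; the others are made up to show the other triage outcomes.
SAMPLE_LINES = [
    "const cacheableRequest = new CacheableRequest(http.request, "
    "'redis://user:pass@localhost:6379');",
    "DATABASE_URL = 'postgres://deploy:Xk9vQ2mLp8wR4tZs@db-prod.internal:5432/app'",
    "client = MongoClient('mongodb://admin:s3cr3tPassw0rd@127.0.0.1:27017')",
    "See https://docs.example.com/guide for details",
]


def classify(user, password, host):
    """Severity for one match: 'info' for placeholder credentials, 'low' for a
    documentation/loopback host with real-looking credentials, else 'critical'."""
    creds_are_placeholders = (
        user.lower() in PLACEHOLDER_CREDENTIALS
        and password.lower() in PLACEHOLDER_CREDENTIALS
    )
    host_is_doc = host.lower() in DOC_HOSTS or host.lower().endswith(".example.com")
    if creds_are_placeholders:
        return "info"
    if host_is_doc:
        return "low"
    return "critical"


def scan_line(line):
    """Return one finding dict per 'scheme://user:password@host' match in the line,
    with the matched fields and a triaged 'severity'."""
    findings = []
    for m in PASSWORD_IN_URL.finditer(line):
        f = m.groupdict()
        f["severity"] = classify(f["user"], f["password"], f["host"])
        findings.append(f)
    return findings


def scan_lines(lines):
    """Count findings per severity across many lines (e.g. a README)."""
    counts = {"critical": 0, "low": 0, "info": 0}
    for line in lines:
        for f in scan_line(line):
            counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        for f in scan_line(line):
            print(f"{f['severity']:8} {f['scheme']}://{f['user']}:***@{f['host']}")
    print(scan_lines(SAMPLE_LINES))
```

The README line is still reported, but as "info" rather than "critical", because both the user and the password are dictionary placeholders and the host is localhost; a real-looking credential on a non-documentation host keeps the critical rating. Keeping the pattern and triaging on the captured fields is safer than adding README paths to an exclusion list, since real secrets do get pasted into READMEs.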