Disable gitleaks entropy checks
`gitleaks` can create a lot of false positives for ~"secret detection" if it has entropy checks enabled. This will report many possible secrets just because of random strings.
As a first iteration, we should limit the detection to fully recognized secrets, and then iterate to see if we can tune it better and detect more based on entropy.
There is a `-e` flag for `gitleaks` that can be used to disable entropy checks. This could be a boring solution to fix it quickly.
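To illustrate the false-positive problem described above, here is an added example (not part of the original issue and not gitleaks' own code) that runs an entropy check and a recognized-pattern check over the same lines. The token regex, the 3.5 bits/char threshold, the rule name and the sample lines are assumptions constructed for the demonstration.

```python
import math
import re
from collections import Counter

# Constructed sample input; none of these values are real credentials.
SAMPLE_LINES = [
    'checksum = "4f1a9c03e7b2d586b83e0d6f2a95c741"',  # hex digest of a file
    'bundle: main.Xk3pQ9vT2mLz8RwB4nYc.js',           # bundler content hash
    'aws_access_key_id = AKIAIOSFODNN7EXAMPLE',       # example key ID from AWS docs
    'padding = "aaaaaaaaaaaaaaaaaaaaaaaa"',           # long, but not random
]

TOKEN_RE = re.compile(r"[A-Za-z0-9+/=]{20,}")  # assumed shape of a candidate token
ENTROPY_THRESHOLD = 3.5                        # assumed cut-off, bits per character
# "Fully recognized" secrets: one illustrative rule keyed by a hypothetical rule name.
KNOWN_SECRET_RES = {"aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b")}


def shannon_entropy(token):
    """Shannon entropy of the character distribution, in bits per character."""
    total = len(token)
    return -sum(n / total * math.log2(n / total) for n in Counter(token).values())


def entropy_findings(lines):
    """1-based numbers of lines holding a long token above the threshold."""
    return [
        i for i, line in enumerate(lines, 1)
        if any(shannon_entropy(t) > ENTROPY_THRESHOLD for t in TOKEN_RE.findall(line))
    ]


def pattern_findings(lines):
    """(line number, rule name) for lines matching a recognized secret format."""
    return [
        (i, name)
        for i, line in enumerate(lines, 1)
        for name, rx in KNOWN_SECRET_RES.items()
        if rx.search(line)
    ]


if __name__ == "__main__":
    print("entropy check flags lines:", entropy_findings(SAMPLE_LINES))
    print("pattern check flags lines:", pattern_findings(SAMPLE_LINES))
```

The entropy check flags the checksum and the bundle hash alongside the key ID, while the pattern check reports only the key ID.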