Incorrect information on main secret detection page
Problem to solve
The secret detection introductory page states the following:
A secret detected during a secret detection scan remains in the vulnerability report as “Still detected” even after the secret is removed from the scanned file. This is because a secret remains in the Git repository’s history. To address a detected secret, remediate the leak, then triage the vulnerability.
This information is correct, but it applies ONLY to pipeline secret detection. Its presence is potentially confusing.
Proposal
Move the content of the above paragraph to the pipeline secret detection docs page.
Who can address the issue
Anyone
Other links/references
FY25Q2 Stage lead planning issue: Secure (technical-writing#1029 - closed)
Edited by Russell Dickenson