Draft: Do not detect AWS Access Tokens ending in "EXAMPLE"
What does this MR do?
This MR creates a [rules.allowlist] for our AWS token match pattern. This excludes AWS tokens from being detected as secrets if those tokens end in "EXAMPLE". This is a common false positive because the AWS documentation uses AKIAI44QH8DHBEXAMPLE in their documentation examples. This example token is commonly used as a placeholder and in code comments and should be ignored.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests updated/added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Sam White
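The allowlist behaviour described above, as an added Go example that is not code from this MR or from the analyzer. The two regular expressions, the function name `FindAWSKeyIDs`, and the sample lines are assumptions made for illustration; the point it shows is that the allowlist is tested against the matched token rather than the whole line, so a real key sharing a line with the word "EXAMPLE" is still reported.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed patterns for illustration; not copied from the project's rule file.
var (
	awsKeyID  = regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)
	allowlist = regexp.MustCompile(`EXAMPLE$`)
)

// FindAWSKeyIDs (hypothetical helper) returns the access key IDs found in
// line that are not allowlisted. The allowlist is applied to each matched
// token, never to the whole line, so a documentation key or a trailing
// "EXAMPLE" elsewhere on the line cannot hide a real key.
func FindAWSKeyIDs(line string) []string {
	var findings []string
	for _, tok := range awsKeyID.FindAllString(line, -1) {
		if allowlist.MatchString(tok) {
			continue // placeholder key such as the one in the AWS docs
		}
		findings = append(findings, tok)
	}
	return findings
}

func main() {
	// Constructed sample lines. AKIAABCDEFGHIJKLMNOP is a made-up key ID.
	samples := []string{
		`aws_access_key_id = AKIAI44QH8DHBEXAMPLE`,
		`key := "AKIAABCDEFGHIJKLMNOP"`,
		`AKIAABCDEFGHIJKLMNOP # replaces the old EXAMPLE`,
		`AKIAI44QH8DHBEXAMPLE AKIAABCDEFGHIJKLMNOP`,
	}
	for _, s := range samples {
		fmt.Printf("%-50q -> %v\n", s, FindAWSKeyIDs(s))
	}
}
```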