What problem are you trying to solve?
To reduce false positives from being raised, we need to pass more data to the rules. The SDS engine also uses a default_included_keywords which brings additional data used to check for secrets. We did not use them so far but it's suggested to use them to decrease the number of false positives.
What is your solution?
Consume the default_included_keywords
Testing
Scanning a large Java codebase
Before
Found 1313 secret(s) in 32905 file(s) using 22 rule(s) within 6 sec(s)
After
Found 16 secret(s) in 32905 file(s) using 22 rule(s) within 6 sec(s)
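How keyword gating cuts false positives, as an added example that is not code from this change or from the SDS engine: a pattern match is reported only when one of the rule's included keywords appears shortly before it. The rule, the keyword list, the 30-character window and the sample input are all constructed assumptions.

```python
import re

# Hypothetical rule: a generic 32-hex-character pattern plus the keywords
# that must appear shortly before a match for it to be reported.
RULE = {
    "pattern": re.compile(r"\b[0-9a-f]{32}\b"),
    "included_keywords": ["api_key", "apikey", "secret", "token"],
    "look_behind_chars": 30,  # assumed window size
}

# Constructed sample input resembling Java source.
SAMPLE = '''\
String checksum = "9e107d9d372bb6826bd81d3542a419d6";
String apiKey = "0123456789abcdef0123456789abcdef";
// build id e4d909c290d0fb1ca068ffaddf22cbd0
config.put("service.secret", "aabbccddeeff00112233445566778899");
'''


def _normalize(text):
    # Drop separators so "api_key", "api-key" and "apiKey" compare equal.
    return re.sub(r"[\s_\-.]", "", text).lower()


def scan(source, rule, use_keywords):
    """Return (line number, match) pairs; optionally require a nearby keyword."""
    findings = []
    keywords = [_normalize(k) for k in rule["included_keywords"]]
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in rule["pattern"].finditer(line):
            if use_keywords:
                # Only the text just before the match is searched for keywords.
                start = max(0, m.start() - rule["look_behind_chars"])
                context = _normalize(line[start:m.start()])
                if not any(k in context for k in keywords):
                    continue  # pattern matched, but nothing suggests a secret
            findings.append((lineno, m.group()))
    return findings


if __name__ == "__main__":
    print("without keywords:", scan(SAMPLE, RULE, use_keywords=False))
    print("with keywords:   ", scan(SAMPLE, RULE, use_keywords=True))
```

The checksum and build id lines match the pattern but are dropped once keywords are required; the trade-off is that a real secret assigned to a name outside the keyword list would also be dropped.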