Closed direvus closed 2 months ago
As further supporting evidence, the code in https://github.com/Yelp/detect-secrets/blob/81da50d60c428ed3d95a25a2405c190238735e26/detect_secrets/audit/audit.py#L81 already agrees with my proposed wording :D
Hi @direvus, thank you for raising this issue! Do you think you can turn this into a PR where we can discuss a more appropriate wording for that question?
Yeah, no worries.
I'm submitting a ...
What is the current behavior?
When running a detect-secrets audit, the tool displays the following prompt:
This prompt is worded in a way that only makes sense if the detection is actually a secret. The wording doesn't make sense when the detection is not a secret (false positive).
Not a bug.
The prompt should be worded to make sense for false positives, as well as for genuine detections.
False positives are common -- 100% of detections have been false positives so far in my experience. The prompt wording should make sense in the case of false positives.
If the user is taking the question in the prompt literally, what is the correct response for a false positive? Should we answer (y)es because it should be committed, or (n)o because it's not a secret? It's unclear.
I would suggest an alternative and simpler wording that works in both cases, such as:
Please tell us about your environment:
Other information