awslabs / automated-security-helper

https://awslabs.github.io/automated-security-helper/
Apache License 2.0

ASH scans git_report_result.txt #55

Closed bestickley closed 3 months ago

bestickley commented 4 months ago

ASH is scanning its output (git_report_result.txt), resulting in double code findings as shown below:

┌─────────────────┐
│ 4 Code Findings │
└─────────────────┘

    /out/work/git_report_result.txt
   ❯❯❱ generic.secrets.security.detected-aws-account-id.detected-aws-account-id
          AWS Account ID detected. While not considered sensitive information, it is important to use them and
          share them carefully. For that reason it would be preferrable avoiding to hardcoded it here.        
          Instead, read the value from an environment variable or keep the value in a separate, private file. 
          Details: https://sg.run/Ro22                                                                        

          543┆ infra/cdk.context.json:2:  "availability-zones:account=211125606836:region=us-east-1": [
            ⋮┆----------------------------------------
          544┆ infra/cdk.context.json:10:  "ssm:account=211125606836:parameterName=/aws/service/ami-
               amazon-linux-latest/al2023-ami-kernel-6.1-x86_64:region=us-east-1":                  
               "ami-0277155c3f0ab2930",                                                             
            ⋮┆----------------------------------------
          545┆ infra/cdk.context.json:11:  "availability-zones:account=905418358903:region=us-east-1": [
            ⋮┆----------------------------------------
          546┆ infra/cdk.context.json:19:  "ssm:account=905418358903:parameterName=/aws/service/ami-      
               amazon-linux-latest/al2023-ami-kernel-6.1-x86_64:region=us-east-1": "ami-0440d3b780d96b29d"

Please have semgrep ignore ASH-created files.

awsntheule commented 3 months ago

Are you still having issues with this @bestickley? I have not been able to replicate this issue.

bestickley commented 3 months ago

@awsntheule, I'll test this with the new version soon and report back.

bestickley commented 3 months ago

This is resolved. Thank you!