bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
6.97k stars 1.1k forks

Secret Not Detected #6644

Open nigarnajafli opened 1 month ago

nigarnajafli commented 1 month ago

Hi. Example SYSTEM_PASSWORD: hello_123

I'm experiencing an issue where Checkov fails to detect a secret in my local.env file. Specifically, the secret SYSTEM_PASSWORD: hello_123 (and other similar passwords) is not being flagged by Checkov.

deeps-sf commented 1 month ago

@nigarnajafli The entropy here is too low. The problem is that in some languages, in “password = hello_123”, the “hello_123” could be a variable, not the password itself, so going off just “password” would be very noisy.

https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-6
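
The trade-off described in the reply above, as an added example that is not part of the original thread and is not Checkov's own code: a keyword-only match flags every password-like assignment, while adding a Shannon-entropy gate drops low-entropy values such as `hello_123`. The keyword list, the 3.5 bits-per-character threshold and the sample lines are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Assumed values for illustration; not Checkov's actual keyword list or threshold.
KEYWORDS = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.IGNORECASE)
ENTROPY_THRESHOLD = 3.5  # bits per character (hypothetical)

# Accepts "KEY: value", "KEY=value" and "key = value" forms.
ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*(.+?)\s*$")


def shannon_entropy(value: str) -> float:
    """Shannon entropy of the string, in bits per character."""
    if not value:
        return 0.0
    counts = Counter(value)
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan(lines, use_entropy=True):
    """Return (line number, key, entropy) for each flagged assignment."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = ASSIGNMENT.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("\"'")
        if not KEYWORDS.search(key):
            continue  # key name does not look secret-related
        h = shannon_entropy(value)
        if use_entropy and h < ENTROPY_THRESHOLD:
            continue  # value looks like a word or identifier, not a random secret
        findings.append((lineno, key, round(h, 2)))
    return findings


# Constructed sample input; the first line is the value from the issue.
SAMPLE = [
    "SYSTEM_PASSWORD: hello_123",
    "password = user_input",       # could be a variable reference in source code
    "API_TOKEN=q7Xv9Lm2Rk4Tz8Wb",  # constructed random-looking value
    "LOG_LEVEL=debug",
]

if __name__ == "__main__":
    print("keyword only:     ", scan(SAMPLE, use_entropy=False))
    print("keyword + entropy:", scan(SAMPLE))
```

With the entropy gate on, only the random-looking token is reported; human-chosen passwords like the one in the issue fall below the threshold and need a different control, such as a custom pattern for the specific file or key name.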