Open rfay opened 6 days ago
That's ok. That code is not actually secret. If these alerts bother folks I suggest only scanning your customer code and not scanning dependencies.
This isn't a manual scan, it's an automatic GitHub check on checkin of code. And yes, I check in vendor because I'm lazy.
I'm surprised they haven't been pestering you over and over.
Describe the bug
GitHub's secret scanner detects this as a secret:
public function fetch($search = null, $options = ['image-viewer' => 'open', 'google-custom-search-api-key' => 'AIzaSyDpE01VDNNT73s6CEeJRdSg5jukoG244ek'])
https://github.com/drush-ops/drush/blob/6a3f0cfe0abab49f42e83602469049506d75035d/examples/Commands/XkcdCommands.php#L25
It's probably private, but the scan alert is in