MicroFish91
commented
3 months ago I assumed that they were fake tokens, but I did double-check to verify that they were. I am concerned that cred-scan is going to flag us for having PAT in our code now even if it is for testing purposes.
Yeah fake credentials, but valid JWTs.
I think it will be okay because of this inclusion in the CredScanSuppressions.json:
{
"file": "utils\\test\\masking.test.ts",
"_justification": "Fake credentials used for unit tests."
}
Ensure anything resembling a JWT is automatically redacted from errors before submitting to telemetry