Feature Description
When a secrets scanning detection occurs, name the risk according to the NP rule that matched. This would look like telegram-token or generic-password.
Problem
Current GitHub secrets scanning detections are named according to the filename and line number. This naming convention does not indicate the nature of the risk, which can be confusing for users. It also makes generating risk descriptions and recommendations difficult, because a new description would need to be generated and associated with virtually every new detection.
Here is an example list of GitHub secrets detection risks:
Here is an example NP finding:
Note the Rule Name field boxed in red; this may be a more appropriate naming source for secrets detection finding names.
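To make the proposal concrete, the following is an added example (not code from the issue or from the scanner it references) that turns a scanner finding into a rule-based risk name and groups detections by that name. The finding structure, the rule names, and the per-rule guidance table are all constructed assumptions for illustration; the real scanner output format is not shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample findings. The (rule_name, path, line) shape is an
# assumption for this example, not the real output of any scanner.
SAMPLE_FINDINGS = [
    {"rule_name": "Telegram Bot Token", "path": "src/bot.py", "line": 12},
    {"rule_name": "Generic Password", "path": "config/settings.yml", "line": 3},
    {"rule_name": "Generic Password", "path": "deploy/docker-compose.yml", "line": 41},
    {"rule_name": "Telegram Bot Token", "path": "tests/fixtures/env.txt", "line": 7},
]

# Hypothetical per-rule guidance. With rule-based naming, one entry per rule
# covers every detection of that rule instead of one entry per file/line.
RULE_GUIDANCE = {
    "telegram-bot-token": "Telegram bot token committed to source; revoke and rotate it.",
    "generic-password": "Hard-coded password; move it to a secrets manager and rotate it.",
}


def rule_slug(rule_name: str) -> str:
    """Turn a scanner rule name into a stable, lowercase, hyphenated risk name."""
    slug = re.sub(r"[^a-z0-9]+", "-", rule_name.lower())
    return slug.strip("-")


def location_name(finding: dict) -> str:
    """The naming scheme the issue objects to: one distinct name per file and line."""
    return f"{finding['path']}:{finding['line']}"


def group_by_risk(findings: list) -> dict:
    """Map each rule-based risk name to the locations where that rule fired."""
    grouped = defaultdict(list)
    for finding in findings:
        grouped[rule_slug(finding["rule_name"])].append(location_name(finding))
    return dict(grouped)


def describe(findings: list) -> list:
    """Return (risk_name, guidance, locations) rows; guidance is looked up once per rule."""
    rows = []
    for risk, locations in group_by_risk(findings).items():
        text = RULE_GUIDANCE.get(risk, "No guidance written for this rule yet.")
        rows.append((risk, text, locations))
    return rows


if __name__ == "__main__":
    for risk, text, locations in describe(SAMPLE_FINDINGS):
        print(f"{risk}: {text}")
        for loc in locations:
            print(f"  - {loc}")
```

With the four constructed findings, location-based naming yields four distinct risk names, each needing its own description, while rule-based naming yields two, each covered by a single guidance entry.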