Replace the `scope` values in the recordings to suppress credscan warnings
Example:
.post('/aaaaa/oauth2/v2.0/token', "response_type=token&grant_type=client_credentials&client_id=aaaaa&scope=https%3A%2F%2Fstorage.azure.com%2F.default"
Scope value is not sensitive data, but replacing it with a common placeholder value could help us in suppressing credscan warnings using regex pattern match.
_Originally posted by @jeremymeng in https://github.com/Azure/azure-sdk-for-js/pull/12759#discussion_r596434526_
Suppressing the credscan warnings will help us reduce the noise. https://github.com/Azure/azure-sdk-for-js/pull/12759 can be used as a reference to consider replacements through the recorder.
Issue Analytics
- Created 3 years ago
- Comments:5 (5 by maintainers)
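The replacement the issue asks for, sketched as an added example (not code from the issue, the linked PR or the azure-sdk-for-js recorder): every recorded `scope` value is rewritten to one placeholder so that a single regex covers all sanitized token requests. The function names, the placeholder `https://sanitized/`, the suppression pattern and the second sample line are assumptions made for this example.

```javascript
// Added example: hypothetical helper, not the azure-sdk-for-js recorder API.
// Assumption: the placeholder value below is chosen for this example only.
const SCOPE_PLACEHOLDER = encodeURIComponent("https://sanitized/");

// `scope` as a whole parameter name in a form-urlencoded body: it must follow
// the start of the text, '&', '?' or a quote, and its value runs to the next
// '&', quote or whitespace.
const SCOPE_PARAM = /(^|[&?"'])scope=([^&"'\s]*)/g;

// Rewrites every scope value to the placeholder; returns the new text and the
// number of values changed. Running it twice changes nothing the second time.
function replaceScopeInRecording(recordingText) {
  let replaced = 0;
  const output = recordingText.replace(SCOPE_PARAM, (match, prefix, value) => {
    if (value === SCOPE_PLACEHOLDER) return match;
    replaced += 1;
    return `${prefix}scope=${SCOPE_PLACEHOLDER}`;
  });
  return { output, replaced };
}

// One fixed pattern (an assumption about what a suppression rule would look
// like) that covers every sanitized token request.
const SANITIZED_TOKEN_REQUEST =
  /grant_type=client_credentials&client_id=[^&"']*&scope=https%3A%2F%2Fsanitized%2F(?=["'&]|$)/;

// Lines of a recording that contain a token request the pattern does not cover.
function unsuppressedTokenRequests(recordingText) {
  return recordingText
    .split("\n")
    .filter((line) => line.includes("grant_type=") && !SANITIZED_TOKEN_REQUEST.test(line));
}

// Constructed sample: the first line is the request from the issue, closed off;
// the second uses a different, made-up scope.
const SAMPLE_RECORDING = [
  `.post('/aaaaa/oauth2/v2.0/token', "response_type=token&grant_type=client_credentials&client_id=aaaaa&scope=https%3A%2F%2Fstorage.azure.com%2F.default")`,
  `.post('/aaaaa/oauth2/v2.0/token', "response_type=token&grant_type=client_credentials&client_id=aaaaa&scope=https%3A%2F%2Fexample.invalid%2F.default")`,
].join("\n");

const { output, replaced } = replaceScopeInRecording(SAMPLE_RECORDING);
console.log(`${replaced} scope value(s) replaced`);
console.log(output);
console.log("still unsuppressed:", unsuppressedTokenRequests(output).length);
```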
Top GitHub Comments
Hey @HarshaNalluru, I’m assigning this back to you because Sima is out on leave and you’ve begun working with @scbedd on a more general solution to JS recordings. I’m hoping this can be something you work into that project.
https://github.com/Azure/azure-sdk-for-js/pull/14954