by 0cf8612b2e1e
739 days ago
Ehhh, considering how low the security bar is, I think it is better than nothing. If you inherit a code base, make it a quick initial action to see how much pain you can expect. In practice, I expect a tool like this has so many false positives you cannot keep it as an always-running action. More a manual review you run occasionally. I hope that more secrets adopt a GitHub-like convention where they are prefaced with an identifier string so that you do not require heuristics to detect them.