Secret Scanning in a SourceCraft repository

Secret Scanning is a tool that checks every commit in the repository history, not only the current state of the files, for sensitive data contained in the code, e.g., API keys, tokens, certificates, and other secrets. Because the whole history is scanned, a secret that was committed and later deleted is still reported: removing it from the working tree does not take it out of the history, so a leaked credential should be revoked or rotated regardless of how the incident is later marked.

To view secrets detected in a repository:

  1. Open the SourceCraft home page.

  2. On the Home tab, navigate to Repositories and select a repository.

  3. Under Security on the repository page, go to Secret Scanning.

  4. To view information about a specific incident, select it from the list.

    For each secret found, the following information is shown:

    • Secret type.
    • Commit ID and last detection time.
    • Path to the file and the code snippet containing the secret.
    • Incident status: Open or Resolved.
    • False positive mark (if any).
  5. To mark an incident as resolved (for example, after the credential has been revoked, or because the match is not a real secret), follow these steps:

    1. Next to the incident, click Resolved.
    2. Add a comment for the incident.
    3. Optionally, mark the incident as a false positive.
    4. Click Resolve.
  6. To reopen an incident, click Reopen next to it.

See also