Find current secrets in project code¶
Context¶
This scenario uses a VCS project with the Secrets module enabled. The video below shows the short path from launching the scan to opening the findings list and using the built-in ML model to focus on secrets that are more likely to require attention.
Requirements¶
Before you start, make sure you have:
- a CodeScoring license with the Secrets module enabled;
- a VCS project where secrets analysis can be launched;
- access to the project and to the secrets analysis results in CodeScoring.
The embedded video is in Russian
The workflow in the interface is the same. Use it as a visual walkthrough of where to click and what to look at after the scan.
When you watch the walkthrough, pay attention to the Probability TP field and to the way the model helps filter out false positives. That makes it easier to move quickly to findings that are more likely to deserve review first.
What next¶
- review found secrets and their statuses;
- adjust secrets scanning parameters for the VCS project;
- enable regular secrets scanning.
Страница была полезна?