GitHub Community
Invalid detection of a sample octokit token #114327
Unanswered
peckjon
asked this question in
Code Security
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
Select Topic Area
Bug
Body
The package octokit/[email protected] contains a codesample in its README containing this (presumably invalid) token:
v1.d3d433526f780fbcc3129004e2731b3904ad0b86Secret Scanning detects this as a "Possibly active secret"
Breadth of impact: anyone using
octokit/[email protected](legacy, but still present in the world)Suggested fix: globally allow-list
v1.d3d433526f780fbcc3129004e2731b3904ad0b86Beta Was this translation helpful? Give feedback.
All reactions