Description
We're experiencing an issue where GitHub's secret scanning inconsistently flags certain non-sensitive values as secrets. This happens randomly across our pipelines built on GitHub Actions, leading to disruptions in automated workflows.
There are cases where critical but known-safe values (e.g., tokens used in test environments, default keys, or internal identifiers) are mistakenly flagged, causing unnecessary build failures or alerts.
Why This Matters:
The issue is not consistent — it occurs randomly, making it hard to anticipate and debug.
It disrupts our CI/CD pipeline, especially when values that are safe and essential to the build are suddenly treated as secrets.
It adds friction to our development and deployment process, as we have to manually investigate or bypass these false positives.
Proposed Solution:
Provide a way to explicitly exclude or allowlist specific strings or patterns so they are not treated as secrets during scans. This could be configured through a file (e.g., .secretignore) or through repository settings.
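One way the proposed allowlist could be applied to a scanner's findings, as an added example that is not part of this request or of GitHub's own tooling; the .secretignore entry kinds, the findings and the token values are all constructed for illustration:

```python
import hashlib
import re

# Constructed sample of the proposed .secretignore format (an assumption, not a
# GitHub feature). Entry kinds: a literal value, "re:<regex>" for a pattern and
# "sha256:<hex>" so a known-safe value need not appear in the file in clear.
SAFE_STAGING_TOKEN = "staging-token-not-a-real-secret"  # constructed value
SECRETIGNORE_TEXT = f"""
# default key shipped in example configs
default-dev-key-00000000
# test fixtures follow a fixed shape
re:^test_[a-z0-9]{{16}}$
# digest of the staging token, kept out of the file in clear
sha256:{hashlib.sha256(SAFE_STAGING_TOKEN.encode()).hexdigest()}
"""

def parse_secretignore(text):
    """Return (literals, regexes, digests) parsed from the allowlist text."""
    literals, regexes, digests = set(), [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments
        if line.startswith("re:"):
            regexes.append(re.compile(line[3:]))
        elif line.startswith("sha256:"):
            digests.add(line[7:].lower())
        else:
            literals.add(line)
    return literals, regexes, digests

def is_allowlisted(value, rules):
    """True if the candidate value matches any allowlist entry."""
    literals, regexes, digests = rules
    digest = hashlib.sha256(value.encode()).hexdigest()
    return (value in literals or digest in digests
            or any(rx.fullmatch(value) for rx in regexes))

def filter_findings(findings, rules):
    """Drop scanner findings whose value is allowlisted; keep the rest."""
    return [f for f in findings if not is_allowlisted(f["value"], rules)]

# Constructed findings in the shape a scanner might emit (path, value).
FINDINGS = [
    {"path": "config/defaults.yml", "value": "default-dev-key-00000000"},
    {"path": "tests/fixtures.py", "value": "test_0123456789abcdef"},
    {"path": ".env.staging", "value": SAFE_STAGING_TOKEN},
    {"path": "deploy/prod.env", "value": "prod_7Hq9zK2mP4wR8sL1"},
]
```

Literal and digest entries suppress exactly one value each, while a regex entry silences everything of that shape, so broad patterns deserve review before they land in the allowlist.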
Benefits:
Prevents unnecessary pipeline failures
Reduces false positives and noise in secret scanning
Improves developer confidence and efficiency
Supports more flexible and accurate use of GitHub Actions and secret scanning tools
The error is attached below
