Include secret findings in GDPR report summary and processing categories by Jeffrin-dev · Pull Request #13 · Jeffrin-dev/ShadowAudit

Jeffrin-dev · 2026-03-29T06:16:42Z

The GDPR report generator did not represent secret findings from scan_result.secrets_found in the report summary or processing categories, so secrets were missing from summary.detected_entity_types and processing.categories_of_personal_data.

Updated generate_gdpr_report() in shadowaudit/reports/gdpr_report.py to collect scan_result.secrets_found and increment a synthetic "SECRET" entity in the entity_counter when secrets are present.
Constructed categories_of_personal_data from the entity keys and appended "API keys and credentials" when the SECRET entity is present.
Extended the test helper _event() in tests/test_audit_and_reports.py to accept a secrets argument and added test_generate_gdpr_report_includes_secrets_in_summary_and_processing() that writes an event with secrets and asserts the report includes the SECRET count and the API keys and credentials category.

Ran pytest -q tests/test_audit_and_reports.py and all tests passed (3 passed).

Include secrets in GDPR report summary and categories

845bfdf

Jeffrin-dev added the codex label Mar 29, 2026 — with ChatGPT Codex Connector

Jeffrin-dev merged commit be634e2 into main Mar 29, 2026
1 check passed

Provide feedback