
v0.4.4


debu-sinha (@debu-sinha) released this on 18 Feb 21:04
58 commits to main since this release

Credential Scanner FP Hardening (Expert Swarm)

False Positive Fixes

  • Add well-known example values allowlist: AWS AKIAIOSFODNN7EXAMPLE, jwt.io canonical token, Databricks documentation tokens
  • Add entropy gating on extra patterns (OpenAI, Groq, Replicate, etc.) — previously only detect-secrets had entropy checks
  • Add character class diversity check: require 2+ of {lowercase, uppercase, digits} in post-prefix body
  • Expand placeholder vocabulary: demo, mock, stub, invalid, redacted, revoked, expired, todo, fixme
  • Expand prefix stripping: gsk_, r8_, pcsk_, co-, vercel_, AIza, sk-proj-, sk-svcacct-
  • Add private key body check: skip PEM blocks with trivially fake content (<10 chars)
  • Fix EXAMPLE word boundary to exclude domain names (example.com)
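The gates listed above chained into one classifier, as an added illustration written for these notes rather than the project's own scanner code. Every threshold, name and sample token here is constructed for the example (the allowlist holds only the AWS documentation key the notes mention; the entropy floor of 3.0 bits and the 2-class minimum are assumed values), and the domain-name exclusion is generalised to every placeholder word rather than only EXAMPLE. The intent is to show why each gate exists: a well-known documentation value, a PEM block with no real body, a placeholder word, a uniform or repetitive body after the vendor prefix is stripped, and low entropy each short-circuit to "false positive", while a real-looking body passes through.

```python
import math
import re
from collections import Counter

# Constructed allowlist: only the AWS documentation access key named in the notes.
KNOWN_EXAMPLE_VALUES = {"AKIAIOSFODNN7EXAMPLE"}

# Placeholder vocabulary from the notes; a word only counts when it is not
# embedded in a longer run of letters and is not a domain label (example.com).
PLACEHOLDER_WORDS = {
    "example", "placeholder", "demo", "mock", "stub", "invalid",
    "redacted", "revoked", "expired", "todo", "fixme",
}
_PLACEHOLDER_RE = re.compile(
    r"(?<![a-z])(" + "|".join(sorted(PLACEHOLDER_WORDS)) + r")(?![a-z])(?!\.[a-z]{2,})",
    re.IGNORECASE,
)

# Vendor prefixes stripped before the body is measured; longest first so
# "sk-proj-" wins over "sk-".
KNOWN_PREFIXES = sorted(
    ("sk-proj-", "sk-svcacct-", "sk-", "gsk_", "r8_", "pcsk_", "co-", "vercel_", "AIza", "AKIA"),
    key=len, reverse=True,
)

_PEM_RE = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----(.*?)-----END [A-Z ]*PRIVATE KEY-----", re.DOTALL
)


def shannon_entropy(s: str) -> float:
    """Bits per character of the byte distribution in s (0.0 for empty input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def char_class_count(body: str) -> int:
    """How many of {lowercase, uppercase, digits} appear in the body."""
    return sum(
        1 for present in (
            any(ch.islower() for ch in body),
            any(ch.isupper() for ch in body),
            any(ch.isdigit() for ch in body),
        ) if present
    )


def strip_prefix(token: str) -> str:
    for prefix in KNOWN_PREFIXES:
        if token.startswith(prefix):
            return token[len(prefix):]
    return token


def has_placeholder_word(token: str) -> bool:
    return _PLACEHOLDER_RE.search(token) is not None


def is_likely_false_positive(token: str, min_entropy: float = 3.0,
                             min_classes: int = 2) -> tuple:
    """Return (is_false_positive, reason) for one candidate secret string."""
    if token in KNOWN_EXAMPLE_VALUES:
        return True, "well-known example value"
    pem = _PEM_RE.search(token)
    if pem:
        body = "".join(pem.group(1).split())  # drop newlines and spaces
        if len(body) < 10:
            return True, "PEM block with trivial body"
        return False, "PEM block with real-looking body"
    if has_placeholder_word(token):
        return True, "placeholder word"
    body = strip_prefix(token)
    if char_class_count(body) < min_classes:
        return True, "low character-class diversity"
    if shannon_entropy(body) < min_entropy:
        return True, "low entropy"
    return False, "passes all gates"


if __name__ == "__main__":
    # Constructed samples; none of these is a real credential.
    samples = [
        "AKIAIOSFODNN7EXAMPLE",
        "sk-proj-aaaaaaaaaaaaaaaaaaaa",
        "gsk_demo_key",
        "AIzaAAAA1111aaaa",
        "-----BEGIN PRIVATE KEY-----\nfake\n-----END PRIVATE KEY-----",
        "gsk_A7fK2mQ9xL1pR8vT4wZ0nB3cD6eH",
    ]
    for s in samples:
        fp, why = is_likely_false_positive(s)
        print(f"{'SKIP  ' if fp else 'REPORT'} {why:32s} {s.splitlines()[0]}")
```

Order matters: the placeholder check runs before the entropy gate so that a vendor-formatted demo token with an otherwise random-looking tail is still suppressed, and the PEM branch returns early in both directions because entropy and character-class rules are meaningless for base64 key material.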

Stats

  • 324 tests passing, 1 skipped, 4 xfail
  • 70 adversarial Red Team tests (4 previously-known bugs now fixed)
  • All CI checks green across Python 3.10/3.12/3.13, Ubuntu/macOS/Windows