[Bug]: Failing cloudformation_outputs_find_secrets due to uuids created by set.dev

[akunap2]

What happened?
We use sst.dev to configure and deploy our Cloudformation stacks. Therefore our Cloudformation stack outputs contain metadata used by SST which contains multiple uuids. These uuids are being detected as secrets even though they are not secrets.

How to reproduce it
Steps to reproduce the behavior:

1. What command are you running?
   Use sst.dev to deploy your application to AWS.

run:
prowler aws --checks cloudformation_outputs_find_secrets

2. Cloud provider you are launching
   AWS

3. See the above checks failing.

Expected behavior
These checks should pass as there are no actual secrets being passed in. After looking more into the issues, it looks like Prowler is flagging uuids created by sst.dev in the process of deploying the application to AWS as secrets. Is there a way to mark this as non secrets?

From where are you running Prowler?
Please, complete the following information:

• Resource: CloudFormation & Lambda
• OS: Mac
• Prowler Version [prowler --version]: 3.1.4
• Python version [python --version]: 3.9.6
• Pip version [pip --version]: 23.0
• Installation method (Are you running it from pip package or cloning the github repo?): pip package
• Others:

[JeffreySouza]

I think you will want to make an issue in the detect_secrets repo (example) and provide an example of what the flagged UUID looks like

[n4ch04]

Hi @akunap2, as @JeffreySouza points Prowler use detect_secrets to look for secrets into source code, to avoid getting those results as FAILS we recommend you to whitelist that resources for that check

[n4ch04]

Hi @akunap2 since it is not an issue from Prowler, we are going to close this.
Feel free to reopen if there is another problem.

Thanks for using Prowler !!