Git SHAs are detected as AWS Secret Access Keys #587

Closed
danbarr opened this issue Jan 14, 2025 · 1 comment

danbarr commented Jan 14, 2025

Describe the issue

Git SHAs and AWS Secret Access Keys match the same regex pattern. Unfortunately I don't think anything but the proposed enhancements to secrets detection context will solve for this, but documenting anyway.

For example, the uses line in this GitHub Actions workflow is being detected/alerted as an AWS secret:

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

Steps to Reproduce

Add a Git SHA reference in a file or prompt. CodeGate will alert about a detected AWS secret:

Amazon - Secret Access Key:

    steps:
    - uses: REDACTED<$K0JvoN3DmtK4KOHLFj681lbvkYV5u7kpaD6tYAZBJbVpnrXuZ/SRllg4BdiRjibBXQQfisfuDqKaWJArQVviJgQCysgF+xllc1Gb4htk/RJEjE+rH2yK8HySckVKXwfO> # v4

Operating System

MacOS (Arm)

IDE and Version

VS Code 1.96.3

Extension and Version

GitHub Copilot 1.257.0

Provider

GitHub Copilot

Model

Any

Logs

No response

Additional Context

No response

yrobla commented Jan 21, 2025

@danbarr I actually removed the recognition of secret access key, because it was messing with other outputs as well. For example, it was obfuscating paths or just simple strings with 40 char length. As it was giving lots of false positives and messing with the LLM responses, I dropped it.
So it should not be an issue anymore, can you confirm?

lukehinds assigned lukehinds and poppysec and unassigned lukehinds Jan 21, 2025
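The collision discussed in this thread, as an added example that is not CodeGate's code: a pattern-only rule flags every 40-character string, while a check that looks at the candidate's shape and the text before it on the same line separates Git SHAs and paths from a credential assignment. The regexes, the keyword list, the function names and the sample input are assumptions made for illustration; the second SHA and the path are constructed, and the key is the example value from AWS documentation.

```python
import re

# Assumed generic rule (illustrative, not CodeGate's signature): a run of
# exactly 40 characters from the base64 alphabet.
B64 = r"A-Za-z0-9/+="
CANDIDATE_40 = re.compile(rf"(?<![{B64}])[{B64}]{{40}}(?![{B64}])")
HEX_40 = re.compile(r"[0-9a-fA-F]{40}")
# Hypothetical same-line keywords that hint at an AWS credential.
CONTEXT = re.compile(r"aws|secret[_-]?(access[_-]?)?key", re.IGNORECASE)

# Constructed input: the SHA from the issue, a made-up SHA on a line that
# mentions "aws", a 40-char path, and the example key from AWS documentation.
SAMPLE = """\
steps:
  - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
  - uses: aws-actions/configure-aws-credentials@0123456789abcdef0123456789abcdef01234567
    path: src/components/dashboard/widgets/data/v2
    aws_secret_access_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""


def naive_hits(text):
    """Pattern-only detection: everything 40 chars long is reported."""
    return [m.group(0) for m in CANDIDATE_40.finditer(text)]


def classify(text):
    """Label each candidate using its shape and the text before it on its line."""
    verdicts = []
    for m in CANDIDATE_40.finditer(text):
        candidate = m.group(0)
        line_start = text.rfind("\n", 0, m.start()) + 1
        prefix = text[line_start:m.start()]
        if HEX_40.fullmatch(candidate):
            # Assumption: pure hex is a SHA-1; a random key is almost never all hex.
            verdict = "git-sha-like"
        elif CONTEXT.search(prefix):
            verdict = "likely-secret"
        else:
            verdict = "no-context"
        verdicts.append((candidate, verdict))
    return verdicts


def likely_secrets(text):
    return [c for c, v in classify(text) if v == "likely-secret"]


if __name__ == "__main__":
    for candidate, verdict in classify(SAMPLE):
        print(f"{verdict:14} {candidate}")
```

The hex check runs before the keyword check so that a pinned action whose name contains "aws" is still treated as a SHA and not as a credential.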