Users can now scan for valid secrets in their repo's git history! This functionality is off by default, so users will have to toggle it on in the settings menu or run semgrep ci with --historical-secrets.
A few things to note:
Historical scanning can be slow with large repos.
Findings from historical scans will not be automatically marked as fixed. Currently these findings can only exist in two states: Open or Ignored.
Please don't hesitate to share any feedback with your account team!