goodwithtech / dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Home Page:https://containers.goodwith.tech/


CIS-DI-0010

zfLQ2qx2 opened this issue · comments

@tomoyamachi The CIS-DI-0010 check is hitting too many false positives; it's breaking several hundred of our CI pipelines, and we are having to pull it completely because it's just too much effort to go and add exceptions for everything. The presence of a JSON file does not mean it contains sensitive or secret information.

I absolutely get what you are going for with the CIS-DI-0010 check but the implementation is just too naive at the moment.

It is a hard problem to solve - we've tried a lot of tools that specialize in finding secrets and so far they all overwhelm with false positives and miss things -- for example "correct horse battery staple" (the infamous XKCD cartoon) is a secret, but without context and understanding there is no tool that will ever flag it.
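To make the reporter's point concrete, here is an added example (written for this page, not dockle's own implementation of CIS-DI-0010 and not code from the reporter) that contrasts an extension-only heuristic with a content-aware one. It is in Go because dockle itself is written in Go. `naiveCheck`, `contentCheck`, `walk`, the entropy threshold of 4.0 bits per character and the three sample JSON documents are all hypothetical and constructed for the illustration; the sample files are not real artifacts from any image.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math"
	"regexp"
	"strings"
)

// Constructed sample files (not from the dockle repo or the reporter's pipelines).
const (
	packageJSON = `{"name":"app","version":"1.0.0","scripts":{"test":"jest"}}`
	configJSON  = `{"db":{"host":"localhost","password":"hunter2"},"signing":{"kid":"A9f3kQz7LmP2xV8bN4wR6tY1"}}`
	noteJSON    = `{"note":"correct horse battery staple"}`
)

// Finding records why a file was flagged.
type Finding struct {
	Path, Reason string
}

// naiveCheck is a hypothetical stand-in for the extension-only heuristic the
// reporter describes: every .json file is flagged, whatever it contains.
func naiveCheck(path string) bool {
	return strings.HasSuffix(path, ".json")
}

// sensitiveKey matches field names that conventionally hold credentials.
var sensitiveKey = regexp.MustCompile(`(?i)(password|passwd|secret|token|api[_-]?key|private[_-]?key|credential)`)

// shannonEntropy returns the entropy of s in bits per character (0 for "").
func shannonEntropy(s string) float64 {
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n := float64(len([]rune(s)))
	h := 0.0
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// contentCheck parses a .json file and flags only leaf strings that look like
// secrets: a credential-style key name, or a long, space-free, high-entropy
// value. Plain-English passphrases deliberately fall through, which is exactly
// the residual blind spot the reporter describes.
func contentCheck(path string, data []byte) []Finding {
	if !strings.HasSuffix(path, ".json") {
		return nil
	}
	var doc interface{}
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil // not JSON; out of scope for this check
	}
	var out []Finding
	walk(path, "", doc, &out)
	return out
}

// walk visits every leaf of the decoded document, carrying the nearest key name.
func walk(path, key string, v interface{}, out *[]Finding) {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			walk(path, k, child, out)
		}
	case []interface{}:
		for _, child := range t {
			walk(path, key, child, out)
		}
	case string:
		switch {
		case t != "" && sensitiveKey.MatchString(key):
			*out = append(*out, Finding{path, fmt.Sprintf("key %q looks like a credential", key)})
		case len(t) >= 20 && !strings.Contains(t, " ") && shannonEntropy(t) > 4.0:
			*out = append(*out, Finding{path, fmt.Sprintf("key %q holds a high-entropy value", key)})
		}
	}
}

func main() {
	files := map[string]string{"package.json": packageJSON, "config.json": configJSON, "note.json": noteJSON}
	for name, body := range files {
		fmt.Printf("%s: naive=%v content=%v\n", name, naiveCheck(name), contentCheck(name, []byte(body)))
	}
}
```

Run as-is, `package.json` is flagged by the naive check and clean under the content check, `config.json` yields one credential-key finding and one high-entropy finding, and `note.json` is clean under both even though its value is a real passphrase. The threshold and key list are tuning knobs, not a complete secret scanner; the example only shows why parsing content cuts the false-positive rate that the extension-only rule produces.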