S003: skip detection inside code blocks #7

@hermanngeorge15


Problem

S003 scans raw lines for secret patterns. If a CLAUDE.md documents secret patterns as examples of what NOT to commit, S003 will flag them as false positives.

```markdown
## Constraints
- Never commit keys like `sk-abc123...` or `ghp_...`
```

Proposal

Same approach as S005 — skip lines inside fenced code blocks. Security rules should err on the side of caution, so this could be opt-in via a future --strict flag that checks code blocks too.

Acceptance Criteria

  • Secrets inside fenced code blocks do NOT trigger S003
  • Secrets outside code blocks still trigger S003
  • Consider a --strict flag for future versions

Labels

enhancement, rule:S003
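The proposed behaviour, sketched as an added example (not the project's code). The function name `scan_s003`, the two regexes, and the `strict` parameter standing in for the proposed `--strict` flag are assumptions; the sample document is constructed. Reporting hits from a fence that is never closed is a choice made in this sketch so that a stray opening fence cannot silence the rest of the file.

```python
import re

# Assumed stand-ins for S003's patterns; the real rule's regexes are not shown in the issue.
SECRET_PATTERNS = [
    re.compile(r"\bsk-[A-Za-z0-9]{6,}"),
    re.compile(r"\bghp_[A-Za-z0-9]{6,}"),
]
# A fence line: up to 3 spaces of indent, then 3+ backticks or 3+ tildes.
FENCE = re.compile(r"^ {0,3}(`{3,}|~{3,})")


def scan_s003(text, strict=False):
    """Return sorted (line_number, match) findings, skipping fenced code unless strict."""
    findings, pending = [], []
    fence = None  # (fence char, fence length) while inside a fenced block
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = FENCE.match(line)
        if m and fence is None:
            # Opening fence (an info string such as "markdown" may follow it).
            fence, pending = (m.group(1)[0], len(m.group(1))), []
            continue
        if (m and m.group(1)[0] == fence[0] and len(m.group(1)) >= fence[1]
                and not line[m.end():].strip()):
            # Closing fence: same character, at least as long, nothing after it.
            fence, pending = None, []
            continue
        hits = [(lineno, h.group(0)) for p in SECRET_PATTERNS for h in p.finditer(line)]
        if fence is None or strict:
            findings.extend(hits)
        else:
            pending.extend(hits)  # documented example inside a fence: held back
    if fence is not None:
        findings.extend(pending)  # fence never closed: report what it would have hidden
    return sorted(findings)


TICKS = "`" * 3  # built at runtime so this listing contains no literal fence line
SAMPLE = "\n".join([  # constructed CLAUDE.md content
    "## Constraints",
    "Never commit keys like these:",
    TICKS,
    "sk-abc123def456",
    "ghp_abcdef123456",
    TICKS,
    "token = ghp_realtoken0001",
])

if __name__ == "__main__":
    print("default:", scan_s003(SAMPLE))
    print("strict: ", scan_s003(SAMPLE, strict=True))
```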
