UI improvement: Wording of audit prompt is confusing #734

@direvus

Description

  • I'm submitting a ...

    • bug report
    • feature request
  • What is the current behavior?

When running a detect-secrets audit, the tool displays the following prompt:

"Is this a secret that should be committed to this repository? (y)es, (n)o, (s)kip, (q)uit:"

This prompt is worded in a way that only makes sense if the detection is actually a secret. The wording doesn't make sense when the detection is not a secret (false positive).

  • If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem

Not a bug.

  • What is the expected behavior?

The prompt should be worded to make sense for false positives, as well as for genuine detections.

  • What is the motivation / use case for changing the behavior?

False positives are common -- 100% of detections have been false positives so far in my experience. The prompt wording should make sense in the case of false positives.

If the user is taking the question in the prompt literally, what is the correct response for a false positive? Should we answer (y)es because it should be committed, or (n)o because it's not a secret? It's unclear.

I would suggest an alternative and simpler wording that works in both cases, such as:

Should this item be committed to this repository?

  • Please tell us about your environment:

    • detect-secrets Version: 1.4.0
    • Python Version: 3.11.4
    • OS Version: macOS Sonoma 14.1.1
    • File type (if applicable):
  • Other information
