Semgrep Secrets False Positives
Incident Report for Semgrep
Resolved
2024-01-09 21:00 UTC
Engineering has identified and is currently investigating an issue where Semgrep Secrets surfaced false positive findings.

The cause was determined to be that rules from an internal training were accidentally applied to customer scans. The only impact to customers was the false positives shown by the Secrets product; no sensitive data was displayed to customers.

2024-01-09 22:00 UTC
We disabled the ability to add new Semgrep Secrets rules to prevent additional rules from being mistakenly applied to customer scans while we continued to remediate the underlying issue.

2024-01-10 01:00 UTC
We removed the previously mentioned rules. Scans completed after this time would remove any false positive findings previously identified.

Customers that still see false positives should re-run a scan against the impacted projects. Please reach out to Semgrep support if this does not resolve the issue.
Posted Jan 09, 2024 - 21:00 UTC