Snyk Code Rollback: Hardcoded Secrets Improvement

On Oct 23rd, we deployed an improvement that aligned our hardcoded secrets behavior for JavaScript and Java, causing an increase in CWE-547 (Hardcoded Secrets). Unfortunately the rule change made a larger impact than intended, resulting in reports of false positives. We have decided to roll back the deployment, and this will be pushed to production on Friday, Oct 27th.

Customers may have seen an increase in hardcoded secrets issues, specifically for CWE-547 in JavaScript and Java. Starting Monday, Oct 30th, the issues and any resulting false positives generated last week will be corrected.

If you have any questions, please reach out to your account teams.