Skip to content

Security scan picks up Azurite connection string in javascript output #33284

New issue
New issue
Open
Open
Security scan picks up Azurite connection string in javascript output#33284
Assignees
EmmaZhu
Labels
ClientThis issue points to a problem in the data-plane of the library.StorageStorage Service (Queues, Blobs, Files)customer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
@dee-cf

Description

@dee-cf
dee-cf
opened on Mar 5, 2025

We use @azure/storage-blob in our angular app.
After build, we run security scan and the scanner finds Azurite blob storage emulator connection string in our resulting artifacts chunks.

The connection string is:

Rd = "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;"

Is there a way to turn this off so that connection string doesn't show up in chunks/artifacts at all?

Metadata

Metadata

Assignees

Labels

ClientThis issue points to a problem in the data-plane of the library.StorageStorage Service (Queues, Blobs, Files)customer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions