Description
While using detect-secrets audit, I noticed that answering Yes/No to the audit prompt:
"Should this string be committed to the repository?"
does not update the is_verified field, but instead adds a new field is_secret: true/false.
Example after audit:
{
"is_verified": false,
"is_secret": false
}Expected / Clarification Needed
Could you please clarify:
- Whether is_verified is now considered a legacy / unused field
- Whether the presence of is_secret is the correct way to determine that a finding has been audited
- Whether documentation should be updated to reflect this newer audit behavior
Description
While using
detect-secrets audit, I noticed that answering Yes/No to the audit prompt:does not update the
is_verifiedfield, but instead adds a new fieldis_secret: true/false.Example after audit:
{ "is_verified": false, "is_secret": false }Expected / Clarification Needed
Could you please clarify: