Short description
GitHub Secret Scanning detected a publicly exposed Google API key in the Ant Media Server Community Edition release package. The key appears to be embedded in generated/minified JavaScript files included with the release.
Environment
- Operating system and version: Windows 11
- Java version: N/A
- Ant Media Server version: Community Edition 3.0.3
- Browser name and version: Google Chrome
Steps to reproduce
- Download Ant Media Server Community Edition release package.
- Extract or upload the source/release files to a public GitHub repository.
- GitHub Secret Scanning automatically detects a Google API key in the included JavaScript assets.
- Check inside /webapps/root/18-es2015.8cffc0fc298213a565be.js and webapps/root/18-es5.8cffc0fc298213a565be.js
Expected behavior
The release package should not contain publicly exposed API keys or credentials that trigger GitHub Secret Scanning alerts.
Actual behavior
GitHub Secret Scanning reports a leaked Google API key located in bundled JavaScript files under the webapps directory.
Logs
GitHub Secret Scanning alert:
- Secret type: google_api_key
- Detected in bundled JavaScript files included with the release package.
Please verify whether this is:
- An active Google API key accidentally included in the release.
- A deprecated/test key that should be removed.
- A false positive generated from bundled assets.
Short description
GitHub Secret Scanning detected a publicly exposed Google API key in the Ant Media Server Community Edition release package. The key appears to be embedded in generated/minified JavaScript files included with the release.
Environment
Steps to reproduce
Expected behavior
The release package should not contain publicly exposed API keys or credentials that trigger GitHub Secret Scanning alerts.
Actual behavior
GitHub Secret Scanning reports a leaked Google API key located in bundled JavaScript files under the webapps directory.
Logs
GitHub Secret Scanning alert:
Please verify whether this is: