I am currently evaluating Deepsource for code security needs and have come across an issue I am hoping to clarify.
During my analysis of a .NET code repository, I noticed that Deepsource does not seem to detect secrets or credentials within the app config file. This file often contain sensitive information such as database connection strings or API keys, I was expecting Deepsource to flag them if any secrets were present.
Could you please confirm if:
- Deepsource is able to detect secrets within these types of configuration files?
- There are any specific settings or configurations I need to apply in order to enable this detection?
- If this functionality is not currently supported, is it something that will be added in future releases?
I look forward any guidance on this matter.