- ALM used: GitHub
- CI system used: GitHub Actions
- Languages of the repository: Python
- Error observed: SonarCloud detects some security configuration in Python Flask (SECURITY_PASSWORD_HASH) as a potential password.
- To reproduce: Create a Flask project and add SECURITY_PASSWORD_HASH as part of the configuration in Python code. It sets the crypto algorithm used to hash passwords, so it’s basically safe.
- Potential workaround: I could set the line as safe and be done with it, but I believe the community would benefit from an update of the scanner rules.
Thanks
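
The false positive described in this post, as an added example that is not part of the original post and is not SonarCloud's rule logic: a name-based hard-coded-credential check flags any string literal assigned to a key containing "password", and a value-aware refinement skips SECURITY_PASSWORD_HASH only when the value is a hash scheme name. The `findings` function, the `HASH_SCHEMES` allowlist and the sample config are assumptions made for illustration (Python 3.9+).

```python
import ast

# Constructed sample config; every value here is made up for the example.
SAMPLE = '''
app.config["SECURITY_PASSWORD_HASH"] = "bcrypt"
SECURITY_PASSWORD_HASH = "argon2"
DB_PASSWORD = "constructed-secret"
app.config["SECURITY_PASSWORD_HASH"] = "constructed-literal-not-a-scheme"
'''

# Assumed allowlist of hash scheme names; adjust to what your project accepts.
HASH_SCHEMES = {"bcrypt", "argon2", "pbkdf2_sha512", "sha512_crypt"}


def _key_name(target):
    """Return the variable name or the string subscript key being assigned."""
    if isinstance(target, ast.Name):
        return target.id
    if isinstance(target, ast.Subscript):
        key = target.slice
        if isinstance(key, ast.Constant) and isinstance(key.value, str):
            return key.value
    return None


def findings(source, allow_hash_schemes=False):
    """List (line, key) pairs where a string literal is assigned to a
    key whose name contains 'password'."""
    out = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue
        for target in node.targets:
            name = _key_name(target)
            if not name or "password" not in name.lower():
                continue
            # Refinement: the key selects an algorithm, so a known scheme
            # name is configuration, not a credential. Anything else stays flagged.
            if (allow_hash_schemes and name.upper().endswith("PASSWORD_HASH")
                    and value.value.lower() in HASH_SCHEMES):
                continue
            out.append((node.lineno, name))
    return sorted(out)


if __name__ == "__main__":
    print("name-only:  ", findings(SAMPLE))
    print("value-aware:", findings(SAMPLE, allow_hash_schemes=True))
```

The refinement keys on the assigned value rather than exempting the setting name outright, so a literal that is not a scheme name under the same key is still reported.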