To help you sift through noisy alerts, Bridgecrew checks whether each secret it finds is valid. The platform takes secrets found in repository and CLI scans and validates them against public APIs, so you can prioritize removing or revoking the secrets that are valid.
Information about a secret’s validity will show up in the CLI and PR comment output, as well as on the Projects and Resource Explorer pages. On the Projects page, you can filter by Valid, Invalid, or Unknown to quickly find and prioritize secrets.
To enable validation for Periodic scans, go to Settings > Code Repository Settings > Validate Secrets. For CLI runs, enable it using the environment variable CKV_VALIDATE_SECRETS.