Skip to content

Incorrect detection of SBOM SPDX manifest as sendgrid secrets #1168

New issue
New issue
Open
Open
Incorrect detection of SBOM SPDX manifest as sendgrid secrets#1168
Assignees
benibenj
Labels
blocked upstreambugIssue identified by VS Code Team member as probable bug
@BernieWhite

Description

@BernieWhite
BernieWhite
opened on Jun 14, 2025

When using vsce package command, errors are returned for manifest.spdx.json files claiming they are Send Grid secrets, however they are just hashes as per SPDX SBOM spec.

Example file with false positive: https://www.powershellgallery.com/packages/PSRule.Rules.Azure/1.41.0/Content/_manifest%5Cspdx_2.2%5Cmanifest.spdx.json

Metadata

Metadata

Assignees

Labels

blocked upstreambugIssue identified by VS Code Team member as probable bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions