Viewing Detections

Scanner results

The Detections page shows all secrets found by the ByteHide Secret Scanner in your codebase.

Accessing the Detections Dashboard

  1. Log in to ByteHide Cloud
  2. Select your project
  3. Click on the Detections tab

Understanding Detections

The Detections dashboard shows:

  • Type: What kind of secret was detected (API key, password, etc.)
  • Location: Where the secret was found (file path and line number)
  • Confidence: How sure the scanner is that this is a real secret
  • Date: When the secret was detected
  • Repository: Which repository or application contained the secret

Viewing Detection Details

Click on a detection to see more details:

  1. The detected value (if DisplayCode is enabled)
  2. The code context where the secret was found
  3. Options to export or ignore the detection

Confidence Levels

Detections are labeled with confidence levels:

  • High: Very likely to be a real secret (red)
  • Medium: Probably a secret (yellow)
  • Low: Might be a secret (blue)

Focus on high confidence detections first, as they represent the highest security risk.

Filtering Detections

Use the filters to narrow down the results:

  1. Type: Filter by the type of secret
  2. Date Range: View detections from a specific time period
  3. Confidence: Filter by confidence level
  4. Repository/Application: View detections from specific sources

Exporting Detected Secrets

When you find a legitimate secret, you can export it to your Secrets Manager:

  1. Click on the detection
  2. Click Export to Secrets Manager
  3. Enter a key name
  4. Select the environments to export to
  5. Click Export

This helps you transition from hardcoded secrets to the secure Secrets Manager.

Ignoring False Positives

Sometimes the scanner flags a value that isn't actually a secret. To ignore such a detection:

  1. Click on the detection
  2. Click Ignore Detection
  3. Enter a reason for ignoring (optional)
  4. Click Confirm

Ignored detections can be viewed by clicking the Show Ignored filter.

Automatic Actions

The scanner can be configured to take automatic actions when secrets are detected:

  • Auto-Export: Automatically export detected secrets to the Secrets Manager
  • Notifications: Send alerts when secrets are detected
  • Build Failure: Optionally fail builds when secrets are found

Configure these options in the Scanner Configuration.

Scan History

View the history of all scans:

  1. Click on the Scanner tab
  2. Go to the Analysis sub-tab
  3. View all past scans with their results

This helps you track when secrets were introduced and whether your security is improving over time.

Repository Integration

For GitHub-connected repositories:

  1. Click on a detection
  2. Click the GitHub link to view the exact location in your repository
  3. Fix the issue directly in your code

Best Practices

Regular Reviews

Schedule regular reviews of your detections:

  1. Set a weekly or bi-weekly calendar reminder
  2. Review any new detections
  3. Export legitimate secrets to the Secrets Manager
  4. Ignore false positives

Remediation Workflow

When a secret is detected:

  1. Immediately revoke the compromised secret if possible
  2. Create a new secret in the Secrets Manager
  3. Update your application to use the Secrets Manager
  4. Commit the fix to remove the hardcoded secret
