Jan 30, 2025

Improvements to Secrets Analyzer

We've made significant improvements to the Secrets Analyzer, primarily around reducing false positives and improving accuracy:

  • We now handle Terraform (HCL) template interpolation better. This reduces false positives in cases like this:
    GITHUB_APP_SECRET = "${data.terraform_remote_state.cat["credentials"].outputs.secretsmanager_secret_app.arn}:secret::"
    env.STATE_KEY = "cluster/${SOME_COMPONENT}/terraform.tfstate"
    api_key = data.secretsmanager_secret_version.terraform_service_account_access_token.secret_key
  • In VueJS (.vue) files, we handle component props better so we're able to filter out values that could be mistaken for hardcoded secrets. For example:
    <PasswordStrengthCheck
      :password="password" class="mb-4"
      @onStrongPassword="onStrongPassword" // This isn't a hardcoded password.
    />
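
To illustrate why the Terraform cases above trip a naive scanner, here is an added sketch (not DeepSource's implementation) that inspects only the literal text left after removing `${...}` interpolations and ignores unquoted references. The function names, the name heuristic and the 20-character token rule are assumptions made for this example.

```python
import re

ASSIGNMENT = re.compile(r'^\s*([\w.-]+)\s*=\s*(.+?)\s*$')
SECRET_NAME = re.compile(r'secret|token|key|passw', re.I)  # assumed name heuristic
TOKEN_RUN = re.compile(r'[A-Za-z0-9+=_-]{20,}')            # assumed stand-in for an entropy check


def strip_interpolations(text):
    """Return only the literal parts of an HCL template string body."""
    out, i, n = [], 0, len(text)
    while i < n:
        if text.startswith("$${", i):      # "$${" is HCL's escape for a literal "${"
            out.append("${")
            i += 3
        elif text.startswith("${", i):     # skip the expression up to its matching "}"
            depth, i = 1, i + 2
            while i < n and depth:
                if text[i] == '"':         # quoted index such as ["credentials"]
                    end = text.find('"', i + 1)
                    i = n if end == -1 else end
                elif text[i] == "{":
                    depth += 1
                elif text[i] == "}":
                    depth -= 1
                i += 1
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def hardcoded_part(value):
    """Literal text a scanner should inspect, or None for unquoted expressions."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return strip_interpolations(value[1:-1])
    return None  # bare reference, function call or number: nothing is hardcoded


def is_secret_candidate(line):
    """True when a secret-like name is assigned a literal containing a long token."""
    match = ASSIGNMENT.match(line)
    if not match or not SECRET_NAME.search(match.group(1)):
        return False
    literal = hardcoded_part(match.group(2))
    return literal is not None and bool(TOKEN_RUN.search(literal))
```

Without the reference check, the third Terraform line would be flagged purely because `terraform_service_account_access_token` is a long identifier next to a name containing `key`.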

Refreshed application navigation

New Sidebar

We've polished the main application navigation to make it easier to find your way around. The sidebar now has a cleaner look, and adds a new Favorites section that lets you quickly access your most-used repositories.

Fixes and Improvements

  • API: We've added two new mutations that can be used to update metric thresholds and issue priority gates on a repository — updateRepositoryIssuePrioritySetting and updateRepositoryMetricSetting.
  • GitHub Integration: The MAINTAIN role on GitHub repositories is now mapped to the ADMIN role on DeepSource. This makes it easier to manage permissions across both platforms, since we heard from several customers that the existing mapping was not very intuitive.
