secret/password-in-url

Password in Connection String

highSecret patternsecretCWE-798 ↗

What it detects

Database or service URL with embedded password.

How it runs

Run against every text file in the repo (with a binary-content filter and a `.repoguardignore` filter for fixtures). The matched value is masked before being persisted.

Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.