Enable Dynamic Token Validation
This feature checks whether detected secrets are still active, reducing false alarms for expired or inactive credentials.
- Navigate to Administration > Xray Settings > Advanced Security.
- Locate the Enable Dynamic Token Validation option and enable it.
- Save the settings.
View & Manage Secrets Scan Results
This process helps security teams review, assess, and act on detected secrets to prevent credential leaks.
- Navigate to Scans List > Repositories.
- Select the relevant scan report to view detected secrets.
- Review scan results, which include:
- Severity classification (Critical, High, Medium, Low).
- Secret type (e.g., API Key, OAuth Token, SSH Private Key).
- Suggested remediation actions (e.g., revoke, rotate, or secure the secret).
- Take necessary actions, such as revoking compromised secrets or configuring ignore rules.