{ "id": 13, "category": "hard", "title": "Legacy Audit", "description": "A secret was committed in v1.0 and still exists in Git history.", "scan_mode": "git", "exclude_paths": [ ".env" ], "secrets": [ { "id": "s1", "type": "github_token", "path": "config.py", "line": 1, "visibility": "surface" }, { "id": "s2", "type": "github_token", "path": "config.py", "line": 1, "visibility": "deep", "requires_action": "inspect_git_history" }, { "id": "s3", "type": "assignment_secret", "path": "config.py", "line": 1, "visibility": "cascading", "trigger_secret_id": "s1" } ], "build_script": "build_repo.py", "conflict_map": { "s1": { "reveals": [ "s3" ], "blocks": [], "note": "Removing the live token exposes the fact the git history still leaks the original v1.0 value" }, "s2": { "reveals": [], "blocks": [ "s3" ], "note": "Git history must be rewritten (filter-repo) before the cascading env-var secret can be resolved" } } }