ci: update detect-secrets scan to exclude specific baseline files

Author: fayedraza1234

.github/workflows/ci.yml

@@ -27,7 +27,7 @@ jobs:
       - name: Run detect-secrets scan (project folders) and compare to baseline
         # Scan only project folders so CI compares the same scope as the committed baseline.
         run: |
-          detect-secrets scan auth_platform dev-portal-ui/dev-portal-ui > new.baseline || true
+          detect-secrets scan --exclude-files '\.secrets\.baseline$' --exclude-files 'detect_findings\.baseline$' auth_platform dev-portal-ui/dev-portal-ui > new.baseline || true
           if [ -f .secrets.baseline ]; then
             echo "Comparing new scan to committed baseline (scoped)..."
             # Strip the generated_at timestamp from both files before comparing so

.secrets.baseline

@@ -120,67 +120,16 @@
     },
     {
       "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    },
+    {
+      "path": "detect_secrets.filters.regex.should_exclude_file",
+      "pattern": [
+        "\\.secrets\\.baseline$",
+        "detect_findings\\.baseline$"
+      ]
     }
   ],
   "results": {
-    ".secrets.baseline": [
-      {
-        "type": "Hex High Entropy String",
-        "filename": ".secrets.baseline",
-        "hashed_secret": "f46a885f6d43cf82800a22ccb17573cfb223b7ce",
-        "is_verified": false,
-        "line_number": 130
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": ".secrets.baseline",
-        "hashed_secret": "f46a885f6d43cf82800a22ccb17573cfb223b7ce",
-        "is_verified": false,
-        "line_number": 130
-      },
-      {
-        "type": "Hex High Entropy String",
-        "filename": ".secrets.baseline",
-        "hashed_secret": "08d5d9a01a4f36005ab0f8b05248b6d6847fadc1",
-        "is_verified": false,
-        "line_number": 139
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": ".secrets.baseline",
-        "hashed_secret": "08d5d9a01a4f36005ab0f8b05248b6d6847fadc1",
-        "is_verified": false,
-        "line_number": 139
-      },
-      {
-        "type": "Hex High Entropy String",
-        "filename": ".secrets.baseline",
-        "hashed_secret": "300ac668c782c666a9de0f2ccb59cea082255b5d",
-        "is_verified": false,
-        "line_number": 146
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": ".secrets.baseline",
-        "hashed_secret": "300ac668c782c666a9de0f2ccb59cea082255b5d",
-        "is_verified": false,
-        "line_number": 146
-      },
-      {
-        "type": "Hex High Entropy String",
-        "filename": ".secrets.baseline",
-        "hashed_secret": "255edd2793e5286d4441ea6bfba734b59e915864",
-        "is_verified": false,
-        "line_number": 153
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": ".secrets.baseline",
-        "hashed_secret": "255edd2793e5286d4441ea6bfba734b59e915864",
-        "is_verified": false,
-        "line_number": 153
-      }
-    ],
     "auth_platform/auth_platform/auth_service/auth.py": [
       {
         "type": "Secret Keyword",
@@ -241,5 +190,5 @@
       }
     ]
   },
-  "generated_at": "2025-11-16T21:06:24Z"
+  "generated_at": "2025-11-16T21:10:22Z"
 }