awslambda_function_no_secrets_in_code false positive in *.deps.json files

[JaimeArcilaNRW]

Feature search

• I have searched the existing issues and this feature has not been requested yet or is already in our Public Roadmap

Which component would this feature affect?

Prowler CLI/SDK

Related to specific cloud provider?

AWS

New feature motivation

The problem: .deps.json files in .NET Lambda deployments generate false positive "Secret Keyword" findings

Solution Proposed

The request: add file-pattern exclusions to the mutelist (e.g. Files: - "*.deps.json") so users can suppress findings based on the filename inside the Lambda package rather than only at the function level. When Using AWS Secrets manager there is a reference to this service causing false positives.

Use case and benefits

C# .NET Developers which work in AWS and have many .deps.json files.

Describe alternatives you've considered

Tried to suppress all Lambda warnings but it masks real secrets risks

Additional context

No response

[HugoPBrito]

Hola @JaimeArcilaNRW, could you please confirm the fix works for you?

[JaimeArcilaNRW]

Hi Hugo: Thanks for responding. The option you are offering sounds great. In the next two weeks I will test it and let you know. Thanks for your help. Jaime Arcila R. Director de Investigación y Desarrollo Carrera 43DD No. 8-42 Medellín, Colombia 📱 (+57) 310 537 3000 <http://www.numrot.com/> www.numrot.com DIAN Proveedor Tecnológico Autorizado: 002803, ISO 9001:2015, ISO 27001:2013 El contenido de este documento y/o sus anexos es de carácter confidencial y para uso exclusivo de la persona natural o jurídica, a la que se encuentra dirigido. Si usted no es su destinatario intencional, por favor, re envíanoslo de inmediato y elimine el documento y sus anexos. Cualquier retención, copia, reproducción, difusión, distribución y, en general, cualquier uso indebido, es prohibido y penalizado por la Ley. VSDC S.A.S. manifiesta que los anexos han sido revisados y estima que se encuentran sin virus. Pero, quien los reciba, se hace responsable de las pérdidas o daños que su uso pueda causar. De: Hugo Pereira Brito ***@***.***> Enviado el: Tuesday, May 19, 2026 5:39 AM Para: prowler-cloud/prowler ***@***.***> CC: JA ***@***.***>; Mention ***@***.***> Asunto: Re: [prowler-cloud/prowler] awslambda_function_no_secrets_in_code false positive in *.deps.json files (Issue #11148) <https://avatars.githubusercontent.com/u/101209179?s=20&v=4> HugoPBrito left a comment (prowler-cloud/prowler#11148) <#11148 (comment)> Hola @JaimeArcilaNRW <https://github.com/JaimeArcilaNRW> , could you please confirm the fix works for you? — Reply to this email directly, view it on GitHub <#11148 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/ATVFAQOZH4KVPMCIVYF7DZ343Q2TBAVCNFSM6AAAAACY3MKNSWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHM2DIOBWHEYDEMBYGE> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> . You are receiving this because you were mentioned. <https://github.com/notifications/beacon/ATVFAQJA7YRITB6BRSODL2343Q2TBBFCNFSM6AAAAACY3MKNSWWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTYAAAAACC3QWFA2M4TFMFZW63VHNVSW45DJN5XA.gif> Message ID: ***@***.*** ***@***.***> >