Description
Is your feature request related to a problem? Please describe.
external-secrets is a project that synchronizes sensitive information from secrets providers into Kubernetes clusters without the end user needing any credentials whatsoever. It is also compatible with IaC, since any GitOps mechanism can be used to deploy its manifests onto the target cluster.
Currently, any ExternalSecret manifest generates a false alert, because its reference to a Kubernetes Secret key (a field named `secretKey`) is identified as sensitive information, while it is really the address (the key name) of the entry, not its value.
Describe the solution you'd like
ExternalSecret manifests should be excluded by adding a specific avoid rule to https://github.com/Checkmarx/kics/blob/master/assets/queries/common/passwords_and_secrets/regex_rules.json#L30C1-L47
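As an added illustration (not KICS's own code or rule format), the following Python sketch shows why the `secretKey` field of an ExternalSecret trips a key-name based secret scanner, and how a per-kind allow-list of reference paths (an assumed mechanism here, not the KICS rule syntax) suppresses that case while a literal value in a plain Secret is still reported. The manifests are constructed samples, given in their parsed-YAML (dict) form.

```python
import re
from typing import Any, Iterator

# Key names that a generic secret scanner treats as sensitive when they hold a literal string.
SENSITIVE_KEY = re.compile(r"(secret|password|passwd|token|api[_-]?key)", re.IGNORECASE)

# Hypothetical allow-list: per resource kind, paths whose string values are references, not
# secret values. In an ExternalSecret, spec.data[].secretKey only names the key that will be
# written into the target Kubernetes Secret; the value itself is fetched from the provider.
REFERENCE_PATHS = {
    "ExternalSecret": {("spec", "data", "*", "secretKey")},
}

# Constructed sample: an ExternalSecret whose secretKey is a key *name*, not a secret value.
EXTERNAL_SECRET = {
    "apiVersion": "external-secrets.io/v1beta1",
    "kind": "ExternalSecret",
    "metadata": {"name": "db-credentials"},
    "spec": {
        "secretStoreRef": {"name": "vault-backend", "kind": "ClusterSecretStore"},
        "target": {"name": "db-credentials"},
        "data": [{"secretKey": "password", "remoteRef": {"key": "prod/db", "property": "password"}}],
    },
}

# Constructed sample: a plain Secret carrying a literal value, which must still be reported.
PLAIN_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-credentials"},
    "stringData": {"password": "hunter2"},
}


def _walk(node: Any, path: tuple) -> Iterator[tuple]:
    """Yield (path, key, value) for every mapping entry; list items get a '*' path segment."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield path + (key,), key, value
            yield from _walk(value, path + (key,))
    elif isinstance(node, list):
        for item in node:
            yield from _walk(item, path + ("*",))


def find_secret_like_entries(manifest: dict, apply_allowlist: bool = True) -> list:
    """Return dotted paths of string entries whose key looks sensitive, minus allow-listed references."""
    allowed = REFERENCE_PATHS.get(manifest.get("kind", ""), set()) if apply_allowlist else set()
    return [".".join(str(p) for p in path)
            for path, key, value in _walk(manifest, ())
            if isinstance(value, str) and SENSITIVE_KEY.search(str(key)) and path not in allowed]
```

Without the allow-list the ExternalSecret is flagged at `spec.data.*.secretKey`; with it, only the plain Secret's `stringData.password` remains.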
Describe alternatives you've considered
Deal with the pain of false alerts for a tool that actually helps reduce sensitive information in git repos in the first place :)
Additional context
This discussion here triggered me to open up this issue.