Fix secrets false-positive filter ignoring includeFalsePositives flag

pranavcodeant · claude · pranavcodeant · commit b385654caad1 · 2026-05-05T12:13:35.000+05:30
The local post-fetch filter for secrets was unconditionally stripping
issues with confidence_score='false_positive', overriding the server-side
include_false_positives param and making the CLI flag have no effect.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/src/scans/fetchAdvancedScanResults.js b/src/scans/fetchAdvancedScanResults.js
@@ -299,8 +299,8 @@ export async function fetchAdvancedScanResults(repo, commitId, resultType, opts
       }
     }
 
-    // Filter secrets false positives
-    if (resultType === ADVANCED_RESULT_TYPES.SECRETS) {
+    // Filter secrets false positives only when caller explicitly excludes them
+    if (resultType === ADVANCED_RESULT_TYPES.SECRETS && !includeFalsePositives) {
       issues = issues.filter((issue) => String(issue.confidence_score || '').toLowerCase() !== 'false_positive');
     }
 

Original file line number	Diff line number	Diff line change
`@@ -299,8 +299,8 @@ export async function fetchAdvancedScanResults(repo, commitId, resultType, opts`
`299`	`299`	`}`
`300`	`300`	`}`
`301`	`301`
`302`		`- // Filter secrets false positives`
`303`		`- if (resultType === ADVANCED_RESULT_TYPES.SECRETS) {`
	`302`	`+ // Filter secrets false positives only when caller explicitly excludes them`
	`303`	`+ if (resultType === ADVANCED_RESULT_TYPES.SECRETS && !includeFalsePositives) {`
`304`	`304`	`issues = issues.filter((issue) => String(issue.confidence_score \|\| '').toLowerCase() !== 'false_positive');`
`305`	`305`	`}`
`306`	`306`