From cd7601e26b5dfbd7f9362014c80f3eda08317cfe Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Sun, 21 Dec 2025 14:06:12 +0200 Subject: [PATCH 1/2] adding Token validation to Frogbot's output --- .../secret_review_content_simplified.md | 6 ++--- .../secrets/secret_review_content_standard.md | 6 ++--- ...ret_violation_review_content_simplified.md | 8 +++--- ...ecret_violation_review_content_standard.md | 8 +++--- utils/outputwriter/outputcontent.go | 20 +++++++++------ utils/outputwriter/outputcontent_test.go | 25 +++++++++++++------ 6 files changed, 43 insertions(+), 30 deletions(-) diff --git a/testdata/messages/reviewcomment/secrets/secret_review_content_simplified.md b/testdata/messages/reviewcomment/secrets/secret_review_content_simplified.md index 69ed8a48f..66fe23dad 100644 --- a/testdata/messages/reviewcomment/secrets/secret_review_content_simplified.md +++ b/testdata/messages/reviewcomment/secrets/secret_review_content_simplified.md @@ -4,9 +4,9 @@ ## 🤫 Secret Vulnerability --- -| Severity | Status | Origin | Finding | -| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | -| High | Active | JFrog | Secret keys were found | +| Severity | Token Validation | Token Info | Origin | Finding | +| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | +| High | Active | The token was validated and found to be active. This indicates that the secret is currently in use. | JFrog | Secret keys were found | --- diff --git a/testdata/messages/reviewcomment/secrets/secret_review_content_standard.md b/testdata/messages/reviewcomment/secrets/secret_review_content_standard.md index f069d43b5..03c3a8d12 100644 --- a/testdata/messages/reviewcomment/secrets/secret_review_content_standard.md 
+++ b/testdata/messages/reviewcomment/secrets/secret_review_content_standard.md @@ -2,9 +2,9 @@ ## 🤫 Secret Vulnerability
-| Severity | Status | Origin | Finding | -| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | -| ![high](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/applicableHighSeverity.png)
High | Active | JFrog | Secret keys were found | +| Severity | Token Validation | Token Info | Origin | Finding | +| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | +| ![high](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/applicableHighSeverity.png)
High | Active | The token was validated and found to be active. This indicates that the secret is currently in use. | JFrog | Secret keys were found |
diff --git a/testdata/messages/reviewcomment/secrets/secret_violation_review_content_simplified.md b/testdata/messages/reviewcomment/secrets/secret_violation_review_content_simplified.md index d3f02f9c8..185762d0c 100644 --- a/testdata/messages/reviewcomment/secrets/secret_violation_review_content_simplified.md +++ b/testdata/messages/reviewcomment/secrets/secret_violation_review_content_simplified.md @@ -4,10 +4,10 @@ ## 🤫 Secret Violation --- -| Severity | ID | Status | Origin | Finding | Watch Name | Policies | -| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | -| High | secret-violation-id | Active | JFrog | Secret keys were found | jas-watch | policy1 | -| Critical | secret-violation-id-2 | Inactive | JFrog | Secret keys were found | jas-watch2 | policy1, policy2 | +| Severity | ID | Token Validation | Token Info | Origin | Finding | Watch Name | Policies | +| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | +| High | secret-violation-id | Active | The token was validated and found to be active. This indicates that the secret is currently in use. | JFrog | Secret keys were found | jas-watch | policy1 | +| Critical | secret-violation-id-2 | Inactive | The token was validated and found to be inactive. This indicates that the secret is no longer in use. | JFrog | Secret keys were found | jas-watch2 | policy1, policy2 | --- 
diff --git a/testdata/messages/reviewcomment/secrets/secret_violation_review_content_standard.md b/testdata/messages/reviewcomment/secrets/secret_violation_review_content_standard.md index 038dc3151..643373024 100644 --- a/testdata/messages/reviewcomment/secrets/secret_violation_review_content_standard.md +++ b/testdata/messages/reviewcomment/secrets/secret_violation_review_content_standard.md @@ -2,10 +2,10 @@ ## 🤫 Secret Violation
-| Severity | ID | Status | Origin | Finding | Watch Name | Policies | -| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | -| ![high](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/applicableHighSeverity.png)
High | secret-violation-id | Active | JFrog | Secret keys were found | jas-watch | policy1 | -| ![critical (not applicable)](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/notApplicableCritical.png)
Critical | secret-violation-id-2 | Inactive | JFrog | Secret keys were found | jas-watch2 | policy1
policy2 | +| Severity | ID | Token Validation | Token Info | Origin | Finding | Watch Name | Policies | +| :---------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | :-----------------------------------: | +| ![high](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/applicableHighSeverity.png)
High | secret-violation-id | Active | The token was validated and found to be active. This indicates that the secret is currently in use. | JFrog | Secret keys were found | jas-watch | policy1 | +| ![critical (not applicable)](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/notApplicableCritical.png)
Critical | secret-violation-id-2 | Inactive | The token was validated and found to be inactive. This indicates that the secret is no longer in use. | JFrog | Secret keys were found | jas-watch2 | policy1
policy2 |
diff --git a/utils/outputwriter/outputcontent.go b/utils/outputwriter/outputcontent.go index 5503185f1..eaffbb880 100644 --- a/utils/outputwriter/outputcontent.go +++ b/utils/outputwriter/outputcontent.go 
@@ -524,28 +524,32 @@ func SecretReviewContent(violation bool, writer OutputWriter, issues ...formats. func getSecretsDescriptionTable(writer OutputWriter, issues ...formats.SourceCodeRow) string { // Construct table - table := NewMarkdownTable("Severity", "ID", "Status", "Origin", "Finding", "Watch Name", "Policies").SetDelimiter(writer.Separator()) + table := NewMarkdownTable("Severity", "ID", "Token Validation", "Token Info", "Origin", "Finding", "Watch Name", "Policies").SetDelimiter(writer.Separator()) // Hide optional columns if all empty (violations/no status) table.GetColumnInfo("ID").OmitEmpty = true - table.GetColumnInfo("Status").OmitEmpty = true + table.GetColumnInfo("Token Validation").OmitEmpty = true + table.GetColumnInfo("Token Info").OmitEmpty = true table.GetColumnInfo("Watch Name").OmitEmpty = true table.GetColumnInfo("Policies").OmitEmpty = true // Construct rows for _, issue := range issues { - // Determine the issue applicable status + // Determine the issue applicable tokenValidationStatus applicability := jasutils.Applicable.String() - status := "" + tokenValidationStatus := "" + tokenValidationInfo := "" if issue.Applicability != nil && issue.Applicability.Status != "" { - status = issue.Applicability.Status - if status == jasutils.Inactive.String() { - // Update the applicability status to Not Applicable for Inactive + tokenValidationStatus = issue.Applicability.Status + if tokenValidationStatus == jasutils.Inactive.String() { + // Update the applicability tokenValidationStatus to Not Applicable for Inactive applicability = jasutils.NotApplicable.String() } + tokenValidationInfo = issue.Applicability.ScannerDescription } table.AddRowWithCellData( NewCellData(writer.FormattedSeverity(issue.Severity, applicability)), NewCellData(issue.IssueId), - NewCellData(status), + NewCellData(tokenValidationStatus), + NewCellData(tokenValidationInfo), NewCellData(issue.ScannerInfo.Origin), NewCellData(issue.Finding), NewCellData(issue.Watch), 
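Review bot: `tokenValidationInfo = issue.Applicability.ScannerDescription` copies scanner-supplied free text into a table cell with no treatment of the delimiter or of line breaks, and nothing in this hunk shows NewCellData or the MarkdownTable writer escaping `writer.Separator()`; a description containing `|` or a newline would shift the "Origin"/"Finding" columns or split the row in the posted review comment. If the cell writer does not already escape (it is outside the hunk), neutralise the value before building the cell, for the markdown case e.g. `tokenValidationInfo = strings.ReplaceAll(strings.ReplaceAll(issue.Applicability.ScannerDescription, "\n", " "), "|", "\\|")`, or better do it once inside NewCellData so every free-text column is covered. Separately, the description is only copied when `Applicability.Status` is non-empty, so a row carrying a description but no status silently loses the text; if that is intended, make it explicit with `// Token info is only shown alongside a validation status.` getSecretsDescriptionTable continues past the end of the hunk (the remaining AddRowWithCellData arguments and the return).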
diff --git a/utils/outputwriter/outputcontent_test.go b/utils/outputwriter/outputcontent_test.go index 9f8ad6e36..595efa0de 100644 --- a/utils/outputwriter/outputcontent_test.go +++ b/utils/outputwriter/outputcontent_test.go @@ -882,11 +882,14 @@ func TestSecretsReviewContent(t *testing.T) { }, }, { - name: "Secret review comment content with applicability status", + name: "Secret review comment content with applicability status and info", issues: []formats.SourceCodeRow{{ SeverityDetails: formats.SeverityDetails{Severity: "High"}, - Applicability: &formats.Applicability{Status: jasutils.Active.String()}, - Finding: "Secret keys were found", + Applicability: &formats.Applicability{ + Status: jasutils.Active.String(), + ScannerDescription: "The token was validated and found to be active. This indicates that the secret is currently in use.", + }, + Finding: "Secret keys were found", ScannerInfo: formats.ScannerInfo{ RuleId: "rule-id", Cwe: []string{"CWE-798", "CWE-799"}, @@ -909,12 +912,15 @@ func TestSecretsReviewContent(t *testing.T) { }, }, { - name: "Secrets violation review comment content with applicability status", + name: "Secrets violation review comment content with applicability status and info", issues: []formats.SourceCodeRow{ { SeverityDetails: formats.SeverityDetails{Severity: "High"}, - Applicability: &formats.Applicability{Status: jasutils.Active.String()}, - Finding: "Secret keys were found", + Applicability: &formats.Applicability{ + Status: jasutils.Active.String(), + ScannerDescription: "The token was validated and found to be active. This indicates that the secret is currently in use.", + }, + Finding: "Secret keys were found", ScannerInfo: formats.ScannerInfo{ RuleId: "rule-id", Cwe: []string{"CWE-798", "CWE-799"}, 
@@ -930,8 +936,11 @@ func TestSecretsReviewContent(t *testing.T) { }, { SeverityDetails: formats.SeverityDetails{Severity: "Critical"}, - Applicability: &formats.Applicability{Status: jasutils.Inactive.String()}, - Finding: "Secret keys were found", + Applicability: &formats.Applicability{ + Status: jasutils.Inactive.String(), + ScannerDescription: "The token was validated and found to be inactive. This indicates that the secret is no longer in use.", + }, + Finding: "Secret keys were found", ScannerInfo: formats.ScannerInfo{ RuleId: "rule-id", Cwe: []string{"CWE-798", "CWE-799"}, From e4d79010acab0ce60cb72a4caed648251b58c70a Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Mon, 22 Dec 2025 14:35:00 +0200 Subject: [PATCH 2/2] CR comments --- utils/outputwriter/outputcontent.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/utils/outputwriter/outputcontent.go b/utils/outputwriter/outputcontent.go index eaffbb880..66251fedd 100644 --- a/utils/outputwriter/outputcontent.go +++ b/utils/outputwriter/outputcontent.go @@ -533,14 +533,12 @@ func getSecretsDescriptionTable(writer OutputWriter, issues ...formats.SourceCod table.GetColumnInfo("Policies").OmitEmpty = true // Construct rows for _, issue := range issues { - // Determine the issue applicable tokenValidationStatus applicability := jasutils.Applicable.String() tokenValidationStatus := "" tokenValidationInfo := "" if issue.Applicability != nil && issue.Applicability.Status != "" { tokenValidationStatus = issue.Applicability.Status if tokenValidationStatus == jasutils.Inactive.String() { - // Update the applicability tokenValidationStatus to Not Applicable for Inactive applicability = jasutils.NotApplicable.String() } tokenValidationInfo = issue.Applicability.ScannerDescription
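Review bot: The fixtures changed here only exercise rows where `ScannerDescription` is set alongside an Active or Inactive status, so the new "Token Info" column is never pinned for a status-only row (empty description) or for a description with no status, which the production code drops; unless a case outside this hunk covers it, add a row such as `Applicability: &formats.Applicability{Status: jasutils.Active.String()}` whose expected output pins whether the column is omitted or rendered blank. The `Inactive` row is also the only one rendering the `notApplicableCritical` icon, so its expectation doubles as the check for the Inactive-to-NotApplicable severity mapping; a one-line comment on that case, `// Inactive tokens render with the not-applicable severity icon`, would make that intent visible to the next person editing the fixture. This hunk sits inside the table-driven TestSecretsReviewContent, whose body starts before and ends after the hunk.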
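Review bot: Deleting `// Update the applicability tokenValidationStatus to Not Applicable for Inactive` leaves `applicability = jasutils.NotApplicable.String()` as an unexplained downgrade: the Inactive branch is the only place where the rendered severity diverges from the reported status, and a reader now has to trace FormattedSeverity to see why. The comment was worth rewording rather than removing; a short why-comment such as `// An inactive token is rendered with the not-applicable severity icon; the finding itself is still listed.` preserves the intent without the stale variable name. It would also help triage to note there that "inactive" only means the validator could not use the token at scan time, not that the committed secret is safe to leave in history, though the validator's exact semantics are not visible in this patch. The enclosing for-loop and getSecretsDescriptionTable continue past the end of the hunk.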