Conversation
![semgrep-code-razorpay[bot]](https://avatars.githubusercontent.com/u/7713209?s=60&v=4){kind=small}
| > **Watch Out!** | ||
| > | ||
| > - The minimum supported iOS version for using Turbo UPI is currently 12.0. | ||
| > - Use the `rzp_test_8UzRYt0d70Ntgz` API key id for testing on the UAT environment and the [Razorpay live keys](https://raw.githubusercontent.com/razorpay/razorpay-php-testapp/markdown-docs/llm-content/api/authentication.md#live-mode-api-keys) for prod testing. |
There was a problem hiding this comment.
Invalid secret detected
The secret identified in your code has been confirmed as invalid, indicating it has likely been revoked or is merely an example. While it may not pose an immediate risk, we recommend reviewing to ensure no actual sensitive data is leaked.
A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.
⚪️ This finding does not block your pull request.
Ignore this finding from razorpay-test-api-token
| > | ||
| > - `minSDKversion` for using Turbo UPI is currently for Android is 23 and iOS is 12.0 and cannot be overwritten. | ||
| > - API Key Usage for Different Environments: | ||
| > - Use the `rzp_test_8UzRYt0d70Ntgz` API key id for testing on the UAT environment. |
There was a problem hiding this comment.
Invalid secret detected
The secret identified in your code has been confirmed as invalid, indicating it has likely been revoked or is merely an example. While it may not pose an immediate risk, we recommend reviewing to ensure no actual sensitive data is leaked.
A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.
⚪️ This finding does not block your pull request.
Ignore this finding from razorpay-test-api-token
| > | ||
| > - `minSDKversion` for using Turbo UPI is currently 19 and cannot be overwritten. | ||
| > - API Key Usage for Different Environments: | ||
| > - Use the `rzp_test_0wFRWIZnH65uny` API key id for testing on the UAT environment. |
There was a problem hiding this comment.
Invalid secret detected
The secret identified in your code has been confirmed as invalid, indicating it has likely been revoked or is merely an example. While it may not pose an immediate risk, we recommend reviewing to ensure no actual sensitive data is leaked.
A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.
⚪️ This finding does not block your pull request.
Ignore this finding from razorpay-test-api-token
1 participant
Note :- Please follow the below points while attaching test cases document link below:
- If label
Testedis added then test cases document URL is mandatory.- Link added should be a valid URL and accessible throughout the org.
- If the branch name contains hotfix / revert by default the BVT workflow check will pass.