Hi all
I have been trying to get Code Scanning to work for the first time in a public repository and was surprised to find that, although scanning detected some quite clever flaws in a regex buried deep within jQuery, it doesn’t seem to pay any attention to very obvious credentials in clear text of the form:
    public class IndexModel : PageModel
    {
        private readonly string username = "myUsername";
        private readonly string password = "myPassword";
        string connectionString = "Data Source=localhost;Database=secretDatabase;Integrated Security=false;User ID=administrator;Password=secretpassword;";
        string azureConnectionString = "Server = tcp:myserver.database.windows.net,1433;Database=myDataBase;User ID = mylogin@myserver;Password=myPassword;Trusted_Connection=False;Encrypt=True;";
    }
Can anyone advise on why Code Scanning does not detect such obvious patterns in C# code?
Thanks in advance
S
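
A pattern check for the two kinds of literal shown in the post (a credential-named identifier assigned a string, and a connection string with an embedded `Password=`), as an added example that is not part of the original post and is not how Code Scanning itself works. The regexes, the function names and the extra templated line in the sample are assumptions made for illustration.

```python
import re

# Identifier that looks like a credential, assigned a non-empty string literal.
NAMED_SECRET = re.compile(
    r'\b(?P<name>\w*(?:password|passwd|pwd|secret|apikey|token)\w*)\s*=\s*"(?P<value>[^"]+)"',
    re.IGNORECASE)
# Password/Pwd key inside a connection string; spaces around "=" are allowed.
CONN_SECRET = re.compile(r'\b(?P<key>Password|Pwd)\s*=\s*(?P<value>[^;"]+)', re.IGNORECASE)
# Regular (non-verbatim) C# string literal; an approximation, not a C# lexer.
STRING_LITERAL = re.compile(r'"(?:[^"\\]|\\.)*"')

def is_placeholder(value):
    """True for empty values and format/template slots such as {0} or ${DB_PASS}."""
    v = value.strip()
    return not v or v[0] in "{$<%"

def scan(source):
    """Return (line number, kind, identifier or key); the secret value is never echoed."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        for m in NAMED_SECRET.finditer(line):
            if not is_placeholder(m["value"]):
                findings.append((no, "named-literal", m["name"]))
        for lit in STRING_LITERAL.finditer(line):
            for m in CONN_SECRET.finditer(lit.group()):
                if not is_placeholder(m["value"]):
                    findings.append((no, "connection-string", m["key"]))
    return findings

# The snippet from the post, plus one constructed negative case (templated password).
SAMPLE = '''public class IndexModel : PageModel
{
    private readonly string username = "myUsername";
    private readonly string password = "myPassword";
    string connectionString = "Data Source=localhost;Database=secretDatabase;Integrated Security=false;User ID=administrator;Password=secretpassword;";
    string azureConnectionString = "Server = tcp:myserver.database.windows.net,1433;Database=myDataBase;User ID = mylogin@myserver;Password=myPassword;Trusted_Connection=False;Encrypt=True;";
    string templated = "Server=db;User ID=app;Password={0};";  // constructed negative case
}'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Run as a pre-commit or CI step, a check like this reports the line and the key that matched without printing the credential into build logs.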