Skip to main content

Search

Alert Annotation: Semgrep Secrets

Why am I seeing this note?

While we've worked hard to make sure that Canarytokens chirp when it matters, we realise that some solutions will occasionally touch Canarytokens in ways that look a lot like attacker behaviour.

We want to let you know this is happening, but we also want to let you know that to us, this doesn't look like a full-blown attack.

We add these tiny but visible annotations to alerts to let you know what we think.

What is Semgrep Secrets?

Semgrep Secrets is a secret-scanning product that looks for exposed credentials and other sensitive values in source code and related systems. 
 
When Semgrep Secrets detects a possible credential, such as a Slack API key Canarytoken, it may attempt to validate whether that credential is active. That validation can trigger an alert that someone has used your Slack API key Canarytoken.

So, what does this mean?

We add these annotations to give you some context to why you may be seeing this particular incident.

If you're seeing this annotation, we've deduced that the alert source looks sufficiently like a scan from Semgrep Secrets. 

How do I ignore these alerts?

If your Canarytoken has been exposed in a place monitored by Semgrep Secrets and you would prefer to no longer receive these alerts, simply click the Ignore alerts like this button. This will add them to your Global Ignored Alerts list. We will no longer notify you about these alerts, but you can still access them at any time.

CleanShot 2026-05-26 at 16.09.07@2x.png

Example of the Annotation exclusion under the Global settings — Ignored Alerts:

CleanShot 2026-05-26 at 16.11.52@2x.png

thinkst-canary-inyoni.gif

Was this article helpful?
0 out of 0 found this helpful
Return to top