Update CredScanSuppression.json

[qiaozha]

Packages impacted by this PR

Issues associated with this PR

This PR is to fix the following issue from nightly build report.

##[error]sdk/securityinsight/arm-securityinsight/samples-dev/connectAnApiPollingDataConnector.ts:sdk/securityinsight/arm-securityinsight/samples-dev/connectAnApiPollingDataConnector.ts(29,13): Error CSCAN-GENERAL0130: Client Secret / Api Key: A potential secret was detected in 'connectAnApiPollingDataConnector.ts':(CSCAN-GENERAL0130 Client Secret / Api Key) Validate file contains secrets, remove, roll credential, and use approved store. For additional information on secret remediation see https://aka.ms/credscan.

Describe the problem that is addressed by this PR

What are the possible designs available to address the problem? If there are more than one possible design, why was the one in this PR chosen?

Are there test cases added in this PR? (If not, why?)

Provide a list of related PRs (if any)

Command used to generate this PR:**(Applicable only to SDK release request PRs)

Checklists

• Added impacted package name to the issue description
• Does this PR needs any fixes in the SDK Generator?** (If so, create an Issue in the Autorest/typescript repository and link it here)
• Added a changelog (if necessary)

[qiaozha]

@maorleger Could you help take a review for this PR ? Thanks

[maorleger]

LGTM. Just FYI I asked in the issue #20028 (comment) whether there's a list of approved swagger placeholders so that we can just ensure our suppressions are in-sync

[jeremymeng]

@qiaozha is it possible to use one of the existing place holders? we actually want to reduce the number of placeholders

[maorleger]

@qiaozha is it possible to use one of the existing place holders? we actually want to reduce the number of placeholders

Yeah, the only reason I approved this is because these are auto-generated from the swagger https://github.com/Azure/azure-rest-api-specs/blob/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json#L10

So making a change here will (I assume but not familiar with mgmt plane code gen) just be overwritten next time they generate? Which is another broader problem - our "well known" placeholders are only well known within this repo. I think swagger repo has its own list of suppressed test-creds. I asked for that list in the issue to see what the differences are but it's something we should think about if samples are getting generated from swagger...

[qiaozha]

@qiaozha is it possible to use one of the existing place holders? we actually want to reduce the number of placeholders

Yeah, the only reason I approved this is because these are auto-generated from the swagger https://github.com/Azure/azure-rest-api-specs/blob/main/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json#L10

So making a change here will (I assume but not familiar with mgmt plane code gen) just be overwritten next time they generate? Which is another broader problem - our "well known" placeholders are only well known within this repo. I think swagger repo has its own list of suppressed test-creds. I asked for that list in the issue to see what the differences are but it's something we should think about if samples are getting generated from swagger...

@ruowan Do you know if there's such suppression list in swagger repo ?