Resolving Malware and Leaked Secret Issues
Malware and leaked secret findings require you to close them manually using Mark as solved. For leaked secrets, Aikido detects the secret in your version history but leaves invalidation to you, as this happens in an external system and cannot be fully verified. For malware, Aikido flags the infected package but requires you to confirm removal, since automated verification of a clean state is never fully reliable.
What to do before marking an issue as solved
Leaked secrets
A secret can stay in Git history forever, even after you remove it from the latest commit.
Before marking the issue as solved:
Revoke or rotate the secret immediately.
Confirm the old secret no longer works.
Check that no system still depends on it.
Only then mark the issue as solved.
Marking a leaked secret as solved does not mean the secret disappeared from version history. It means you invalidated it and removed the risk.
Malware findings
For malware, Aikido cannot prove removal unless it no longer appears in your dependency data.
Before marking the issue as solved:
Remove the affected package from the project.
Remove it from the lockfile.
Reinstall dependencies if needed.
Confirm it no longer appears in the dependency tree.
Only then mark the issue as solved.
If you are not sure the malware package is gone, contact Aikido support before marking it as solved.
How to mark an issue as solved
Open the issue from the issue list, grouped issue view, or queue sidebar.
Open the action menu.
Select Mark as solved.
Review the confirmation prompt.
Confirm.
Last updated
Was this helpful?