Conversation
🔐 Security Pipeline StatusRepository Security CheckIf this repository is blocked by security issues, please visit the Pipeline Blocking Dashboard to see which issues need to be resolved: The dashboard contains detailed information about:
Report generated on: 2026-04-01 14:41:51 IST
|
![semgrep-code-razorpay[bot]](https://avatars.githubusercontent.com/u/7713209?s=60&v=4){kind=small}
| > **Watch Out!** | ||
| > | ||
| > - The minimum supported iOS version for using Turbo UPI is currently 12.0. | ||
| > - Use the `rzp_test_8UzRYt0d70Ntgz` API key id for testing on the UAT environment and the [Razorpay live keys](https://raw.githubusercontent.com/razorpay/razorpay-php-testapp/markdown-docs/llm-content/api/authentication.md#live-mode-api-keys) for prod testing. |
There was a problem hiding this comment.
Invalid secret detected
The secret identified in your code has been confirmed as invalid, indicating it has likely been revoked or is merely an example. While it may not pose an immediate risk, we recommend reviewing to ensure no actual sensitive data is leaked.
A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.
⚪️ This finding does not block your pull request.
Ignore this finding from razorpay-test-api-token
| > | ||
| > - `minSDKversion` for using Turbo UPI is currently for Android is 23 and iOS is 12.0 and cannot be overwritten. | ||
| > - API Key Usage for Different Environments: | ||
| > - Use the `rzp_test_8UzRYt0d70Ntgz` API key id for testing on the UAT environment. |
There was a problem hiding this comment.
Invalid secret detected
The secret identified in your code has been confirmed as invalid, indicating it has likely been revoked or is merely an example. While it may not pose an immediate risk, we recommend reviewing to ensure no actual sensitive data is leaked.
A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.
⚪️ This finding does not block your pull request.
Ignore this finding from razorpay-test-api-token
| > | ||
| > - `minSDKversion` for using Turbo UPI is currently 19 and cannot be overwritten. | ||
| > - API Key Usage for Different Environments: | ||
| > - Use the `rzp_test_0wFRWIZnH65uny` API key id for testing on the UAT environment. |
There was a problem hiding this comment.
Invalid secret detected
The secret identified in your code has been confirmed as invalid, indicating it has likely been revoked or is merely an example. While it may not pose an immediate risk, we recommend reviewing to ensure no actual sensitive data is leaked.
A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.
⚪️ This finding does not block your pull request.
Ignore this finding from razorpay-test-api-token
1 participant
No description provided.