False positive Checkov Error CKV_SECRET_3 in Nuget-generated File: .../project.assets.json. #6984

Closed
llourensenvision opened this issue Jan 30, 2025 · 2 comments
Labels
checks Check additions or changes

llourensenvision commented Jan 30, 2025

Describe the issue
Two days ago every project in our company got flagged with Checkov Error CKV_SECRET_3 in project.assets.json. We also got flagged with Checkov Error CKV_SECRET_3 on *.deps.json files. We haven't changed anything, and these files were passing before.

The line in both file types is a sha512 hash, a checksum for a package dependency. The line in *.deps.json files is

Examples
These lines should pass when encountered:
"sha512": "sha512-o2dLnQ8cMw5p7KAtxAPukkk4Mhs4tu96nUyFee4lvfLZEkuyTLhLGT2D5o5bagCwHVxqzt+w4Eb4YOl/pLq6Cw==",
and
"sha512": "Wm5+RY6hNoIPVLPwmr3T1ijVm5GdLVZBij93c4Brwe9iB3X8nlUYNjlnQVVJqK4QLs85nGwqBGUpB4BfYdGXVQ==",

Error message:
##[error]1. Checkov Error CKV_SECRET_3 - File: src/*******/obj/project.assets.json. Line: 5742. Column 0.
Signature: 051de2be42e099515828de3e9ee70a91152b3e1c08131d2f9492da7b752d6a99
Tool: Checkov: Rule: CKV_SECRET_3 (Azure Storage Account access key). https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-3
Azure Storage Account access key

Version (please complete the following information):

  • Can be replicated in 3.2.358


@llourensenvision llourensenvision added the checks Check additions or changes label Jan 30, 2025
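
The following triage sketch is an added example, not part of the issue and not Checkov's own logic. A base64-encoded SHA-512 digest is 64 bytes (88 characters ending in `==`), the same length and encoding as an Azure Storage account access key, so the value alone does not distinguish the two; the script separates findings by the JSON field that holds them. The `HASH_FIELDS` allow-list, the package names and the `AccountKey` entry are assumptions constructed for the example.

```python
import base64
import json

# Field names treated as checksums (assumption; "sha512" is the one on this page).
HASH_FIELDS = {"sha512"}

# Constructed sample: the two sha512 values are the ones quoted in the issue;
# package names are made up and "AccountKey" is 64 zero bytes, not a real key.
SAMPLE = json.dumps({
    "libraries": {
        "Example.Package/1.0.0": {
            "sha512": "Wm5+RY6hNoIPVLPwmr3T1ijVm5GdLVZBij93c4Brwe9iB3X8nlUYNjlnQVVJqK4QLs85nGwqBGUpB4BfYdGXVQ==",
            "type": "package",
        },
        "Example.Other/2.0.0": {
            "sha512": "sha512-o2dLnQ8cMw5p7KAtxAPukkk4Mhs4tu96nUyFee4lvfLZEkuyTLhLGT2D5o5bagCwHVxqzt+w4Eb4YOl/pLq6Cw==",
        },
    },
    "settings": {"AccountKey": base64.b64encode(bytes(64)).decode()},
})


def is_64_byte_base64(value):
    """True if value (optionally 'sha512-' prefixed) decodes to exactly 64 bytes."""
    try:
        return len(base64.b64decode(value.removeprefix("sha512-"), validate=True)) == 64
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def triage(node, path=()):
    """Walk parsed JSON and yield (path, verdict) for every key-shaped string."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from triage(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from triage(value, path + (index,))
    elif isinstance(node, str) and is_64_byte_base64(node):
        field = str(path[-1]).lower() if path else ""
        yield path, ("checksum" if field in HASH_FIELDS else "review")


def scan(text):
    """Return {path tuple: 'checksum' | 'review'} for a JSON document."""
    return dict(triage(json.loads(text)))


if __name__ == "__main__":
    for path, verdict in scan(SAMPLE).items():
        print(verdict, "/".join(map(str, path)))
```

Entries marked `review` still need a human look; `checksum` entries are the ones to raise as false positives or exclude from the secrets scan.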
@tsmithv11
Collaborator

Hey @llourensenvision we pushed a fix for a similar issue in a more recent version. Can you try updating Checkov and scanning again? If you still see these FPs, can you provide a more complete file to replicate the issue? I can't replicate this with 3.2.360 and the SHAs you provided.

@tsmithv11
Collaborator

It looks like based on your comment in the other issue that it is resolved in a later version. Since it's not a Checkov issue, then I'll close this. If you do run into this in the latest version of Checkov, please reopen this issue or open a new one.
