ci: Remove keyword from secret detector

[chtruong814]

What does this PR do ?

The keyword plugin for the secret detector can have several false positives. Just mentioning "password" or "api key" will flag the change.

Changelog

• Add specific line by line info of high level changes in this PR.

GitHub Actions CI

See the CI sectionin the Contributing doc for how to trigger the CI. A Nvidia developer will need to approve and trigger the CI for external contributors.

Before your PR is "Ready for review"

Pre checks:

• Make sure you read and followed Contributor guidelines
• Did you write any new necessary tests?
• Did you add or update any necessary documentation?
• Does the PR affect components that are optional to install? (Ex: Numba, Pynini, Apex etc)
  • Reviewer: Does the PR have correct import guards for all optional libraries?

If you haven't finished some of the above items you can still open "Draft" PR.

Additional Information

• Related to # (issue)

Summary by CodeRabbit

• Chores
  • Updated security scanning configuration and removed outdated detection entries from the baseline.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates the detect-secrets baseline configuration by removing the KeywordDetector plugin entry, its associated filter configuration, and multiple pre-existing secret detection results from various codebase files. The configuration's generated timestamp is refreshed.

Changes

Cohort / File(s)	Summary
Detect-Secrets Configuration .github/workflows/config/.secrets.baseline	Removed KeywordDetector from plugins list and its is_baseline_file filter entry; removed multiple baseline secret results from cicd-main.yml, CONTRIBUTING.md, shell scripts, test files, and notebooks; updated generated_at timestamp.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• ci: Add secrets detector #2154: Adds the secrets detector/baseline configuration while this PR removes detector entries and baseline results, making them directly related but opposite in scope.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: Remove keyword from secret detector' accurately describes the main change—removing the KeywordDetector plugin from the secret detector configuration to eliminate false positives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Test Results For Major Changes	✅ Passed	PR contains only minor CI configuration changes to the secret detector baseline, not major features or breaking changes affecting code logic or model behavior.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chtruong/update-secret-detect

Important

Action Needed: IP Allowlist Update

If your organization protects your Git platform with IP whitelisting, please add the new CodeRabbit IP address to your allowlist:

• ✨ 136.113.208.247/32 (new)
• 34.170.211.100/32
• 35.222.179.152/32

Reviews will stop working after February 8, 2026 if the new IP is not added to your allowlist.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}