Veracode Flags Hardcoded Test Credentials in Cypress Configuration as Static Password Vulnerability

Frappe Framework
,
1

During a Veracode static security scan of a project using Frappe Bench, Veracode reports a “Static Password” security vulnerability in the Cypress configuration file and some other file of frappe.

The finding points to the following pattern in the Cypress config:

image
image1135×386 61 KB

Any one know how i can fix this issue to pass the checks

2

image
image1139×617 102 KB

@revant_one
In line number 226 of test_frappe_client.py again veracode is reporting “Use of Hard-coded Password (CWE ID 259)(21 flaws)”
Theire is about 20 line in core frappe how can i fix and what is the best approach