Open
Description
Testing on an internal repo (GH enterprise cloud).
Created a test file:
```
AWS=AKIA1236227890ABCDE
GH=ghp_1234567890abcdefghijklmnopqrstuvwxYZ
```
Opened PR.
I can see an alert in the Security tab; it originated from the commit present in the PR.
The following workflow runs and passes:
```yaml
name: Secret scanning
on:
  pull_request:
    types: [opened, reopened, edited, synchronize]
jobs:
  scan:
    runs-on: enterprise-linux-build-runner
    steps:
      - name: 'Secret Scanning Review Action'
        uses: advanced-security/secret-scanning-review-action@main
        id: secret-alert-check
        with:
          token: ${{ secrets.SECURITY_ACTIONS }}
          fail-on-alert: true
```
In logs I can see:
```
Run /runner/_work/_actions/advanced-security/secret-scanning-review-action/main/action.ps1 -GitHubToken *** -FailOnAlert $true -FailOnAlertExcludeClosed $false -DisablePRComment $false
GitHubActions module is not installed. Installing from Gallery...
PowerShellForGitHub module is not installed. Installing from Gallery...
PR#7 'Add AWS and GitHub secrets to secrets.sh' has 2 commits
PR#7 Commit SHA list: aa8b0b-----cb2ac53e9a,4607d96c2ede----84f751a34dbbe
Found 0 secret scanning alerts for 'priority-erp/portal_load_tests'
👍 Found [0] secret scanning alerts across [0] locations that originated from a PR#7 commit
```