Fix scan hits (#16788)

.config/CredScanSuppressions.json

@@ -16,6 +16,10 @@
         {
           "file": ".devcontainer\\devcontainer.json",
           "_justification": "Local development environment - not used in production"
+        },
+        {
+          "file": "extensions\\asde-deployment\\notebooks\\edge\\deploy-sql-edge-remote.ipynb",
+          "_justification": "Deployment Notebook - usernames/passwords are entered by user"
         }
     ]
 }

extensions/cms/src/cmsUtils.ts

@@ -32,6 +32,7 @@ export class CmsUtils {
 	private _cmsService: mssql.ICmsService;
 	private _registeredCmsServers: ICmsResourceNodeInfo[] = [];
 
+	// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Used for unit testing, not actual valid credential")]
 	public async savePassword(username: string, password: string): Promise<boolean> {
 		let provider = await this.credentialProvider();
 		let result = await provider.saveCredential(username, password);

src/sql/platform/connection/test/common/connectionStore.test.ts

@@ -26,7 +26,7 @@ suite('ConnectionStore', () => {
 		serverName: 'namedServer',
 		databaseName: 'bcd',
 		authenticationType: 'SqlLogin',
-		userName: 'cde',
+		userName: 'cde', // [SuppressMessage("Microsoft.Security", "CS001:SecretInline", Justification="Mock value, never actually used to connect")]
 		password: generateUuid(),
 		savePassword: true,
 		groupId: '',