- Bug
- Resolution: Fixed
- Medium
- 8.3.0, 8.9.4
- 1
- Severity 3 - Minor
- 0
Problem
The default regex of the "AWS Token" rule in the Bitbucket Secret Scanning feature includes the string "ASIA", which causes Secret Scanning to raise false alerts when people check in ordinary code.
The regex is:
\b(ABIA|ACCA|AKIA|ASIA)[A-Z0-9]+\b
For example, a checked-in file that merely contains the word "ASIA" in upper case triggers a false alert.
The problem with the regex Atlassian ships is the "+", which means one or more characters after ASIA. This is far too loose: AWS documents a minimum of 16 characters for an access key ID (current key IDs are 20 characters, a 4-character prefix followed by 16 upper-case letters or digits), so a single character after the prefix is nowhere near enough to call a string a valid token.
Environment
- Version 8.3.0 and above, where Secret Scanning was introduced.
Steps to Reproduce
Expected Results
A false alert should not be triggered on a common 4-letter word like ASIA.
The regex should require the 16 characters that follow the prefix (20 characters in total) before treating a string as a valid access key ID.
Actual Results
A false alert is triggered on the common 4-letter word ASIA.
Workaround
Modify the default "AWS Token" regex under the Secret Scanning settings.
Notes
Possible regex (the first alternative is cut off as filed; the second requires exactly 16 characters after the prefix and covers a wider set of AWS identifier prefixes):
regex = '''AKIA[0-9A-Z]
regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
Note that AGPA, AIDA, AROA, AIPA, ANPA and ANVA are the prefixes of IAM resource unique IDs (groups, users, roles, instance profiles, managed policies and policy versions), not of access key IDs; only AKIA (long-term keys) and ASIA (temporary STS keys), plus ABIA and ACCA from the default pattern, identify credentials. Adding \b anchors around the pattern also stops it from firing inside a longer identifier.
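To make the difference between the Problem section's default pattern and the {16}-based pattern from these Notes concrete, here is an added Python example; it is not Atlassian's code and not part of the original report. It runs both patterns over a few constructed sample lines. The \b anchors on the stricter pattern are an assumption added here so it does not match inside longer identifiers, and the key IDs in the sample are the AWS documentation example key ID and a made-up placeholder, not real credentials.

```python
import re

# Default "AWS Token" pattern quoted in the bug report. The trailing "+" accepts
# one or more characters after the prefix, so any upper-case word that starts
# with ASIA (ASIAN, ASIAPACIFIC) or a short token such as ASIA1 fires an alert.
DEFAULT_AWS_TOKEN = re.compile(r"\b(ABIA|ACCA|AKIA|ASIA)[A-Z0-9]+\b")

# Tightened pattern built from the one in the Notes section: an AWS access key
# ID is a 4-character prefix followed by exactly 16 upper-case letters or digits
# (20 characters in total). The \b anchors are an addition here (assumption) so
# the pattern does not match inside a longer identifier.
STRICT_AWS_TOKEN = re.compile(
    r"\b(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\b"
)

# Constructed sample content, as if committed to a repository. The first key ID
# is the example from the AWS documentation; the second is a made-up placeholder.
EXAMPLE_LONG_TERM_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
PLACEHOLDER_TEMP_KEY_ID = "ASIA" + "X" * 16
SAMPLE = f'''REGION = "ASIAPACIFIC"          # ordinary word, should not alert
MARKET = "ASIAN"                # ordinary word, should not alert
AWS_ACCESS_KEY_ID = "{EXAMPLE_LONG_TERM_KEY_ID}"
SESSION_KEY_ID = "{PLACEHOLDER_TEMP_KEY_ID}"
BUCKET = "ASIA1"                # 5 characters, far too short for a key ID
TOKEN_ID = "ASIA0123456789ABCDEFG"   # 21 characters, one too many
'''


def find_key_ids(text, pattern):
    """Return every match of pattern in text, in order of appearance."""
    return [m.group(0) for m in pattern.finditer(text)]


def default_matches(text=SAMPLE):
    """What the shipped pattern would alert on."""
    return find_key_ids(text, DEFAULT_AWS_TOKEN)


def strict_matches(text=SAMPLE):
    """What the 20-character pattern alerts on."""
    return find_key_ids(text, STRICT_AWS_TOKEN)


def false_positives(text=SAMPLE):
    """Tokens the default pattern flags that the strict pattern rejects."""
    return sorted(set(default_matches(text)) - set(strict_matches(text)))


def looks_like_key_id(token):
    """True if the whole token has the 20-character AWS access key ID shape."""
    return STRICT_AWS_TOKEN.fullmatch(token) is not None


if __name__ == "__main__":
    print("default pattern :", default_matches())
    print("strict pattern  :", strict_matches())
    print("false positives :", false_positives())
```

Read literally, the default pattern needs at least one character after ASIA, so it is capitalised words beginning with ASIA and short tokens like ASIA1 that trip it; the strict pattern keeps both real-shaped key IDs and drops every other hit, and the final \b also rejects the 21-character token that the unanchored Notes pattern would still match.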