My company's development project uses yml files as configuration files. How can I use codeql to detect whether these yml files contain sensitive information such as plain text passwords?
When I created the codeql database, I used the parameter --language=go, yaml, but I don't know how to query the yaml database and whether this method is the right solution.