I have a react app, and I zip the dist folder and use it for Veracode static scan. I searched and reached that I should let *.map file to be there for veracode, but Veracode show me some flaws about name of some javascript objects in my code, for example I have a const myPassword = '*********'; and we know that in production build of webpack these variable names will change, then why Veracode shows these cases as flaws?
I need to add that I send the final js build without .map file and I receive 100% ok from Veracode. is it a flaw in Veracode?