Why is there a finding for Compliance ID 597 in Serverless Functions?

Created On 07/16/24 22:16 PM - Last Modified 02/03/25 19:15 PM


Question


Which strings does compliance ID 597 treat as secrets? The check is "Secrets in clear text environment variables" under the container and serverless function checks.
The environment variable names below are the sample that triggered the finding:

SOLR_SSL_TRUST_STORE_PASSWORD,SOLR_SSL_KEY_STORE_PASSWORD,SAS_AUTHORIZATION_PORT_443_TCP,SAS_AUTHORIZATION_PORT_443_TCP_PROTO,SAS_AUTHORIZATION_PORT_443_TCP_PORT,SAS_AUTHORIZATION_PORT,SAS_AUTHORIZATION_SERVICE_PORT_HTTP,SAS_AUTHORIZATION_SERVICE_HOST,SAS_AUTHORIZATION_PORT_443_TCP_ADDR,SAS_AUTHORIZATION_SERVICE_PORT


Environment


  • Prisma Cloud Compute Self-Hosted Console
  • Prisma Cloud Compute SAAS Console
  • Compliance check id 597


Answer


  1. The "secrets in clear text" compliance check detects sensitive data in environment variables using a regular expression held in the Prisma Cloud Compute backend logic.
  2. Prisma Cloud Compute collects the keys (names) of the environment variables, stores them as a single string, and runs the regular expression over that string to match keywords such as "pass", "token", "secret", "auth", and "crypto". The match is on the variable name, not on its value.
  3. In the sample above, the "AUTH" substring of the SAS_AUTHORIZATION_* variable names (and "PASS" in the *_PASSWORD names) is what matches, and that is what triggers compliance check ID 597.
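The following script is an added illustration of the matching logic the answer describes; it is not Prisma Cloud's code, and the exact backend regular expression is not published, so the case-insensitive keyword alternation used here is an assumption that approximates it. The sample environment variable names are the ones quoted in the question. Running it shows which names match and on which keyword, which is useful when triaging a 597 finding to tell a genuine credential variable (matched on "pass") from a name that only contains "auth" because of a service name.

```python
import re

# Keywords the KB answer says the backend regular expression matches on.
# Prisma Cloud's actual regex is not published; this case-insensitive
# alternation is an assumption that approximates it.
SECRET_KEYWORDS = ("pass", "token", "secret", "auth", "crypto")
SECRET_KEY_RE = re.compile("|".join(map(re.escape, SECRET_KEYWORDS)), re.IGNORECASE)

# Constructed sample input: the environment variable names quoted in the question.
SAMPLE_ENV_KEYS = [
    "SOLR_SSL_TRUST_STORE_PASSWORD",
    "SOLR_SSL_KEY_STORE_PASSWORD",
    "SAS_AUTHORIZATION_PORT_443_TCP",
    "SAS_AUTHORIZATION_PORT_443_TCP_PROTO",
    "SAS_AUTHORIZATION_PORT_443_TCP_PORT",
    "SAS_AUTHORIZATION_PORT",
    "SAS_AUTHORIZATION_SERVICE_PORT_HTTP",
    "SAS_AUTHORIZATION_SERVICE_HOST",
    "SAS_AUTHORIZATION_PORT_443_TCP_ADDR",
    "SAS_AUTHORIZATION_SERVICE_PORT",
]


def flag_secret_keys(env_keys):
    """Map each environment variable *name* that contains a keyword to the
    sorted list of keywords it matched. Only names are inspected, which is
    how the KB describes check 597; values are never read here."""
    findings = {}
    for key in env_keys:
        matched = sorted({m.group(0).lower() for m in SECRET_KEY_RE.finditer(key)})
        if matched:
            findings[key] = matched
    return findings


def check_597_fires(env_keys):
    """True when at least one name matches, i.e. when the check would raise a finding."""
    return bool(flag_secret_keys(env_keys))


def summarize_by_keyword(findings):
    """Group flagged names by keyword so a reviewer can see, for example,
    that most hits come from 'auth' inside a service name rather than 'pass'."""
    by_keyword = {}
    for key, keywords in findings.items():
        for kw in keywords:
            by_keyword.setdefault(kw, []).append(key)
    return by_keyword


if __name__ == "__main__":
    hits = flag_secret_keys(SAMPLE_ENV_KEYS)
    for key, keywords in hits.items():
        print(f"{key}: matched {', '.join(keywords)}")
    print("check 597 fires:", check_597_fires(SAMPLE_ENV_KEYS))
    print(summarize_by_keyword(hits))
```

With the sample input all ten names match: the two *_PASSWORD names on "pass" and the eight SAS_AUTHORIZATION_* names on "auth". Because the check keys off the name alone, renaming a variable that carries no secret (or confirming that its value is not sensitive and accepting the finding) is the practical way to resolve a hit on a name like SAS_AUTHORIZATION_SERVICE_HOST.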
