
CIS-DI-0010 Suspicious ENV key found

Open zfLQ2qx2 opened this issue 3 years ago • 0 comments

We recently updated from dockle 0.4.2 to 0.4.6 and started getting a lot of CIS-DI-0010 "Suspicious ENV key found" issues.

They are absolutely legitimate finds: if I do "docker history --no-trunc " I can see tokens passed in as ARGs embedded in the image. Hats off to Dockle for finding this before someone else did!

However, what is not clear to me is how to remediate the issue. There wasn't anything in the Dockle wiki that spoke to this specifically and I didn't see where anyone else had asked in an issue. Could someone give me an idea what to do?

zfLQ2qx2, Aug 08 '22 18:08
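
A check for the condition described in the post (build ARG and ENV values with secret-like names recorded in `docker history --no-trunc` output), as an added example that is not part of the original issue or of Dockle. The key-name pattern, the function names and the sample history lines are assumptions constructed for illustration; the pattern is not Dockle's own list.

```shell
#!/bin/sh
# Added example, not Dockle code. The key-name pattern below is an assumption
# chosen for illustration; it is not Dockle's own list.
SUSPICIOUS_RE='(PASS|PASSWD|PASSWORD|SECRET|TOKEN|KEY|ACCESS)'

# Reads "CreatedBy" lines on stdin and prints each secret-like key that has a
# value recorded in the image history. Real use (IMAGE is a placeholder):
#   docker history --no-trunc --format '{{.CreatedBy}}' IMAGE | find_suspicious_keys
find_suspicious_keys() {
    awk -v re="$SUSPICIOUS_RE" '
    function check(t,    eq, key) {
        eq = index(t, "=")
        if (eq < 2 || eq == length(t)) return    # not KEY=value, or empty value
        key = substr(t, 1, eq - 1)
        if (key ~ /^[A-Za-z_][A-Za-z0-9_]*$/ && toupper(key) ~ re) print key
    }
    {
        n = split($0, f, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^\|[0-9]+$/) {           # "|N": N build args follow
                cnt = substr(f[i], 2) + 0
                for (j = 1; j <= cnt && i + j <= n; j++) check(f[i + j])
                break
            }
            if (f[i] == "ENV") {                 # ENV KEY=value ...
                for (j = i + 1; j <= n && f[j] != "#"; j++) check(f[j])
                break
            }
        }
    }' | sort -u
}

# Constructed sample of history output; names and values are made up.
sample_history() {
    cat <<'EOF'
RUN |2 NPM_TOKEN=npm_EXAMPLE0000 BUILD_ID=42 /bin/sh -c npm ci # buildkit
ARG NPM_TOKEN
ENV NODE_ENV=production API_SECRET=example-not-real
/bin/sh -c #(nop)  ENV DB_PASSWORD=example-not-real
COPY . /app # buildkit
/bin/sh -c #(nop)  CMD ["node" "server.js"]
EOF
}

sample_history | find_suspicious_keys
```

A bare `ARG NPM_TOKEN` declaration is not reported because no value is recorded on that line; the value appears on the `RUN |N ...` line of each step that ran with the build arg set.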