diff --git a/internal/audit/audit.go b/internal/audit/audit.go
index 84470dc6df..7e38928921 100644
--- a/internal/audit/audit.go
+++ b/internal/audit/audit.go
@@ -219,6 +219,8 @@ func (a *Auditor) auditSecret(ctx context.Context, secret string) {
 
 	// do not check empty secrets.
 	if sec.Password() == "" {
+		debug.Log("Skipping empty secret %s", secret)
+
 		return
 	}
 
diff --git a/internal/audit/report.go b/internal/audit/report.go
index 3402e64491..513d270e74 100644
--- a/internal/audit/report.go
+++ b/internal/audit/report.go
@@ -127,6 +127,11 @@ func (r *ReportBuilder) AddFinding(secret, finding, message, severity string) {
 	s.Findings[finding] = f
 	r.secrets[secret] = s
 
+	debug.Log("Secret %q has finding %q: %s with severity %s", secret, finding, message, severity)
+	if severity == "none" {
+		return
+	}
+
 	// record secrets per finding, for the summary
 	ss := r.findings[finding]
 	ss.Add(secret)