diff --git a/assets/queries/common/passwords_and_secrets/regex_rules.json b/assets/queries/common/passwords_and_secrets/regex_rules.json
index 73b1eac90fd..ceb8473356b 100644
--- a/assets/queries/common/passwords_and_secrets/regex_rules.json
+++ b/assets/queries/common/passwords_and_secrets/regex_rules.json
@@ -12,6 +12,10 @@
     {
       "description": "Avoiding CF AllowUsersToChangePassword",
       "regex": "['\"]?AllowUsersToChangePassword['\"]?\\s*[:=]\\s*['\"]?([A-Za-z0-9/~^_!@&%()=?*+-.]{4,})['\"]?"
+    },
+    {
+      "description": "Avoiding Ansible playbook update_password",
+      "regex": "['\"]?update_password['\"]?\\s*[:=]\\s*['\"]?([A-Za-z0-9/~^_!@&%()=?*+-.]{4,})['\"]?"
     }
   ],
   "specialMask": "(?i)['\"]?password['\"]?\\s*[:=]\\s*"
diff --git a/assets/queries/common/passwords_and_secrets/test/negative57.yml b/assets/queries/common/passwords_and_secrets/test/negative57.yml
new file mode 100644
index 00000000000..7bd9c906de5
--- /dev/null
+++ b/assets/queries/common/passwords_and_secrets/test/negative57.yml
@@ -0,0 +1,8 @@
+- name: "Configure the MySQL user "
+  community.mysql.mysql_user:
+    login_user: "root"
+    login_password: "{{ mysql_root_password }}"
+    name: "{{ mysql_user }}"
+    password: "{{ mysql_user_password }}"
+    password_expire: "never"
+    update_password: "on_create"
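Review bot: The new allow rule's value group `([A-Za-z0-9/~^_!@&%()=?*+-.]{4,})` exempts any value of four or more characters after an `update_password` key, although the Ansible parameter it is meant to whitelist only accepts `always` or `on_create`; a file that happens to store a literal credential under a key with that name would likely be suppressed along with it. Narrowing the alternative keeps the exemption to the documented values: `"regex": "['\"]?update_password['\"]?\\s*[:=]\\s*['\"]?(always|on_create)['\"]?"`. The character class itself was copied from the AllowUsersToChangePassword entry above, so `+-.` is a range (`+`, `,`, `-`, `.`) in both entries; if a literal hyphen was intended it should be escaped or moved to the end of the class, but that quirk predates this commit. The enclosing array of rules begins before the hunk.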
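Review bot: The task name `"Configure the MySQL user "` carries a trailing space inside the quotes that looks accidental; `- name: "Configure the MySQL user"` is the intended form. Note also that the `login_password` and `password` values are Jinja expressions containing `{` and spaces, which presumably fall outside the value character classes these rules use regardless of the new entry, so this negative fixture exercises the new allow rule only through its final `update_password: "on_create"` line; a short comment stating that, `# only update_password exercises the new allow rule; the templated passwords never match the value class`, would make the fixture's purpose clear to the next reader.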