Don't download artifacts for Secret Detection
Why is this change being made?
Secret Detection started to report findings located in public/
. This is because the job downloads by default all artifacts, including in this case the generated public/
folder. Not only this is generating false positives, but the job consumes time and CPU for nothing.
Note that Dependency Scanning has a different behavior: Artifacts are not downloaded by default.
The new job takes less than 2 minutes to run, versus nearly 15 minutes before.
Author Checklist
-
Provided a concise title for the MR -
Added a description to this MR explaining the reasons for the proposed change, per say-why-not-just-what - Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added.
-
Assign reviewers for this change to the correct DRI(s) - If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the "Maintained by" section in on the page being edited.
- If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies.
- [-] If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR.
- If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.
Edited by Philippe Lafoucrière