Create blank gitlab-secret_detection gem
What does this MR do and why?
This MR creates an empty Ruby gem called gitlab-secret_detection.
Resolves #426823 (closed)
Epic: Build a Ruby gem to perform secrets regex match... (&11612 - closed)
To perform keyword and regex matching on git blobs that may include secrets, we are creating a gem that will be included as a dependency in GitLab main codebase (gitlab-org/gitlab). This dependency will accept one or more git blobs, match them against a defined ruleset of regular expressions (based on gitleaks.toml used by secrets analyzer), and return scan results.
Related merge requests
Step | Merge Request | Description |
---|---|---|
1 | This one. | Create an empty gem |
2 | !136381 (merged) | Implement the scanning logic |
3 | !136513 (closed) | Connect the push check to the gem |
The gitlab-secret_detection gem will be called by the secrets push check, which is implemented by another series of MRs.
Step | Merge Request | Description |
---|---|---|
1 | !135032 (merged) | Adds the secrets push check, and puts it behind a feature flag. |
2 | !135036 (merged) | Updates the secrets push check to check for license (only ultimate is allowed). |
3 | !135164 (merged) | Adds a new application setting for pre-receive SD, and updates the secrets push check accordingly. |
4 | !135273 (merged) | Adds the UI for toggling the application setting of pre-receive SD |
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
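
The flow this MR describes (git blobs in, keyword and regex rules applied, scan results out), sketched as an added example; it is not the gem's code or API. `Rule`, `Finding`, `scan_blobs`, the two rules and the sample blobs are assumptions constructed here, not taken from gitleaks.toml.

```ruby
# Added illustration: hypothetical names, not the gitlab-secret_detection API.
Rule = Struct.new(:id, :keywords, :regex)
# A finding records where a rule matched, not the matched value, so the
# secret itself is not copied into scan results or logs (a choice made here).
Finding = Struct.new(:blob_id, :rule_id, :line_number)

# Constructed rules in the shape of a gitleaks rule (id, keywords, regex).
RULES = [
  Rule.new("gitlab_pat", ["glpat-"], /glpat-[0-9A-Za-z_-]{20}/),
  Rule.new("aws_access_key_id", ["akia"], /\bAKIA[0-9A-Z]{16}\b/)
].freeze

# blobs: Hash of blob id => raw blob content (String, any encoding).
def scan_blobs(blobs, rules = RULES)
  blobs.flat_map do |blob_id, data|
    # Blobs can be binary or invalid UTF-8; scrub so matching cannot raise.
    text = data.dup.force_encoding(Encoding::UTF_8).scrub("")
    lowered = text.downcase
    # Keyword pass: a cheap substring check picks the rules worth running.
    candidates = rules.select { |r| r.keywords.any? { |k| lowered.include?(k) } }
    next [] if candidates.empty?

    # Regex pass: only the candidate rules, line by line.
    text.each_line.with_index(1).flat_map do |line, number|
      candidates.select { |r| r.regex.match?(line) }
                .map { |r| Finding.new(blob_id, r.id, number) }
    end
  end
end

# Constructed sample blobs; the token-like values are fake.
SAMPLE_BLOBS = {
  "blob-1" => "name: demo\ntoken: glpat-#{'A' * 20}\n",
  "blob-2" => "puts 'no secrets here'\n",
  "blob-3" => "\xFF\xFEkey = AKIA#{'B' * 16}\n".b
}.freeze

scan_blobs(SAMPLE_BLOBS).each { |f| puts f.to_a.join(" ") }
```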