Draft: Add gitlab secret detection gem (hush RPC version)
What does this MR do and why?
Port of !133737 (closed) using hush PoC server in place of gem for performance profiling
Relies on https://gitlab.com/gitlab-org/secure/pocs/secret-detection-go-poc/-/merge_requests/1 for deployment of RPC server.
Note that if server is unavailable a rather GRPC::Unavailable
is raised with the prereceive exposed as a standard 500:
❯ git push origin new-branch
...
remote: GitLab: 500 Internal Server Error
To http://gdk.test:3000/root/gke-cd-demo.git
! [remote rejected] new-branch -> new-branch (pre-receive hook declined)
How to set up and validate locally
❯ sed -n 12p app.js
var token = 'glpat-00000000000000000000';
❯ git push -f origin new-branch
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 10 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 318 bytes | 318.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0), pack-reused 0
remote: GitLab: Secrets check failed:
remote: Found 4376936dfec36b9f132d644f3abed6ed34abcf5a on line object_id
remote: Found 12 on line line_number
remote: Found on line error
To http://gdk.test:3000/root/gke-cd-demo.git
! [remote rejected] new-branch -> new-branch (pre-receive hook declined)
error: failed to push some refs to 'http://gdk.test:3000/root/gke-cd-demo.git'
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Lucas Charles