Skip to content

Update pipeline secret detection docs to highlight new capabilities

What does this MR do and why?

This merge request updates Pipeline Secret Detection documentation to highlight capabilities introduced in secrets!310.

Please read this comment for more information on these new capabilities.

Related issue: Clarify pipeline secret detection custom rule o... (#465942 - closed)

Changes

  • Introduced a new page customize_rulesets.md to match the one we have for SAST analyzers.
  • Took the liberty to restructure the page. Most of the updates are in the configuration section though, see below for details.

Updated Page Structure

Below is the updated structure of the Pipeline SD page, with sections marked in bold highlighting the changes.

  • Outputcreated to match a similar section in SAST page
  • Configuration
    • Enable the analyzer
      • Edit the .gitlab-ci.yml file manually
      • Use an automatically configured merge request
    • Customize analyzer settings
      • Add new patternsmoved to be under Customize analyzer settings / Shall we perhaps move it out of Configuration?
      • Pin to a specific analyzer version
      • Enable full history detection
      • Run jobs in merge request pipelines
      • Override analyzer jobsmoved to be under Customize analyzer settings
    • Customize analyzer rulesets – renamed from Custom rulesets
      • Create a ruleset configuration filecreated to match similar section in SAST page
      • Modify pre-defined rulescreated to add instructions on modifying predfined rules
        • Disable rulemoved to this section
        • Override rulemoved to this section
        • Modify rules using a remote ruleset – created to explain using SECRET_DETECTION_RULESET_GIT_REFERENCE
      • Replace the default rulesetrenamed from Synthesize a custom configuration
        • Inlinecreated to add instructions on using raw passthrough
        • With a local rulesetcreated to add instructions on using file passthrough
        • With a remote rulesetcreated to add instructions on using git/url passthroughs
        • With a private remote rulesetcreated to add instructions on using git passthrough with private repository
      • Extend the default rulesetrenamed from Extending the default configuration
        • With a local rulesetcreated to add instructions on using file passthrough to extend default ruleset
        • With a remote rulesetcreated to add instructions on using git/url passthroughs to extend default ruleset
      • Ignore patterns and pathscreated to add instructions on using Gitleaks' [allowlist] directive
      • Ignore secrets inlinerenamed from Ignore secrets
    • Available CI/CD variables
    • Offline configuration
    • Using a custom SSL CA certificate authority
    • Demosrenamed from Demo Projects and updated to include placeholders of demo projects for each action/workflow

MR acceptance checklist

I have evaluated this MR against the MR acceptance checklist.

How to set up and validate locally

Refer to this guide on how to setup GitLab's documentation website locally in your GDK and how to preview changes.

Edited by Russell Dickenson

Merge request reports

Loading