Update pipeline secret detection docs to highlight new capabilities
What does this MR do and why?
This merge request updates Pipeline Secret Detection documentation to highlight capabilities introduced in secrets!310.
Please read this comment for more information on these new capabilities.
Related issue: Clarify pipeline secret detection custom rule o... (#465942 - closed)
Changes
- Introduced a new page customize_rulesets.md to match the one we have for SAST analyzers.
- Took the liberty to restructure the page. Most of the updates are in the configuration section though, see below for details.
Updated Page Structure
Below is the updated structure of the Pipeline SD page, with sections marked in bold highlighting the changes.
- Output – created to match a similar section in SAST page
- Configuration
  - Enable the analyzer
    - Edit the .gitlab-ci.yml file manually
    - Use an automatically configured merge request
  - Customize analyzer settings
    - Add new patterns – moved to be under Customize analyzer settings / Shall we perhaps move it out of Configuration?
    - Pin to a specific analyzer version
    - Enable full history detection
    - Run jobs in merge request pipelines
    - Override analyzer jobs – moved to be under Customize analyzer settings
  - Customize analyzer rulesets – renamed from Custom rulesets
    - Create a ruleset configuration file – created to match similar section in SAST page
    - Modify pre-defined rules – created to add instructions on modifying predefined rules
      - Disable rule – moved to this section
      - Override rule – moved to this section
    - Modify rules using a remote ruleset – created to explain using SECRET_DETECTION_RULESET_GIT_REFERENCE
    - Replace the default ruleset – renamed from Synthesize a custom configuration
      - Inline – created to add instructions on using raw passthrough
      - With a local ruleset – created to add instructions on using file passthrough
      - With a remote ruleset – created to add instructions on using git/url passthroughs
      - With a private remote ruleset – created to add instructions on using git passthrough with private repository
    - Extend the default ruleset – renamed from Extending the default configuration
      - With a local ruleset – created to add instructions on using file passthrough to extend default ruleset
      - With a remote ruleset – created to add instructions on using git/url passthroughs to extend default ruleset
    - Ignore patterns and paths – created to add instructions on using Gitleaks' [allowlist] directive
    - Ignore secrets inline – renamed from Ignore secrets
  - Available CI/CD variables
  - Offline configuration
  - Using a custom SSL CA certificate authority
  - Demos – renamed from Demo Projects and updated to include placeholders of demo projects for each action/workflow
MR acceptance checklist
I have evaluated this MR against the MR acceptance checklist.
How to set up and validate locally
Refer to this guide on how to set up GitLab's documentation website locally in your GDK and how to preview changes.
Edited by Russell Dickenson