Skip to content

Update secret detection template to be more robust

Zach Rice requested to merge secret-detect-robustness into master

What does this MR do and why?

This MR introduces dynamic git fetching which only fetches commits that should be scanned by the secret detection analyzer. For more context refer to gitlab-com/www-gitlab-com!96577 (comment 811281783). Secret Detection needs to determine the range of commits to be scanned. Prior to this change, the range could exceed the default fetch depth which caused an incomplete scan. With this change, we can determine the correct fetch depth and range of commits to be scanned for completion.

See comments in script for additional details.

FWIW, we have been discussing moving this logic into the analyzer itself... but that is for a future release.

Screenshots or screen recordings

gitlab-org/security-products/tests/secrets!44 (closed) Screen_Shot_2022-01-14_at_5.09.57_PM

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Zach Rice

Merge request reports

Loading