Update Gitleaks from 1.24.0 to 3.3.0
What does this MR do?
Updates Gitleaks from 1.24.0 to 3.3.0 with less modification of the default rules.
Detailed changes
- `reason` renamed to `rule` in JSON generated by `gitleaks` CLI (cf. https://github.com/zricethezav/gitleaks/commit/7bd55e33b504f76fc2aec27f4f479a5fb2606480)
- Dropping entropy with merging into `rules`: https://github.com/zricethezav/gitleaks/blob/v2.1.0/CHANGELOG.md
  - `-e` (or `--entropy`) option dropped
  - `[entropy]` in gitleaks.toml was replaced with a new `[[rule]]` with `entropies`
  - User-defined `SAST_GITLEAKS_ENTROPY_LEVEL` environment variable is deprecated, but it has NEVER been made public according to the code search: https://sourcegraph.com/search?q=SAST_GITLEAKS_ENTROPY_LEVEL+repo:%5Egitlab%5C.com/gitlab-org&patternType=regexp
- `gitleaks.toml` rules change
  Note: rules are updated in !24 (closed)
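The `reason` to `rule` rename above means anything that consumes the gitleaks JSON report has to cope with both key names while old and new versions coexist. The following is an added example, not code from gitleaks or from this analyzer: it accepts either key, rejects records that carry neither, and treats the remaining field names and the sample records as constructed assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Finding is the subset of a gitleaks JSON record this example reads. The MR
// states only the reason->rule rename; the remaining field names are an
// assumption modelled on typical gitleaks output, not taken from the page.
type Finding struct {
	File     string `json:"file"`
	Offender string `json:"offender"`
	Rule     string `json:"rule"`   // key written by gitleaks 3.x
	Reason   string `json:"reason"` // key written by gitleaks 1.x
}

// RuleName prefers the 3.x key and falls back to the pre-3.x one.
func (f Finding) RuleName() string {
	if f.Rule != "" {
		return f.Rule
	}
	return f.Reason
}

// ParseReport decodes a gitleaks JSON array and rejects any record that has
// neither key, so a silent format change cannot drop rule names unnoticed.
func ParseReport(data []byte) ([]Finding, error) {
	var findings []Finding
	if err := json.Unmarshal(data, &findings); err != nil {
		return nil, err
	}
	for i, f := range findings {
		if f.RuleName() == "" {
			return nil, fmt.Errorf("finding %d (%s): no rule or reason key", i, f.File)
		}
	}
	return findings, nil
}

// Constructed sample reports: one in the 1.x shape, one in the 3.x shape.
const (
	oldReport = `[{"file":"app/settings.py","offender":"REDACTED","reason":"AWS"}]`
	newReport = `[{"file":"app/settings.py","offender":"REDACTED","rule":"AWS"},
	              {"file":"deploy/env","offender":"REDACTED","rule":"Generic Credential"}]`
	badReport = `[{"file":"deploy/env","offender":"REDACTED"}]`
)

func main() {
	for _, r := range []string{oldReport, newReport, badReport} {
		fs, err := ParseReport([]byte(r))
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		for _, f := range fs {
			fmt.Printf("%s: %s\n", f.File, f.RuleName())
		}
	}
}
```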
What are the relevant issue numbers?
Parts of gitlab-org/gitlab#205172 (closed)
Relates to gitlab-org/gitlab#205171 (closed), gitlab-org/gitlab#12948 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- [n/a] Documentation created/updated for GitLab EE, if necessary
- [n/a] Documentation created/updated for this project, if necessary
- [n/a] Documentation reviewed by technical writer or follow-up review issue created
- [n/a] Tests added for this feature/bug
- [n/a] Job definition updated, if necessary
  - [n/a] Auto-DevOps template
  - [n/a] Job definition example
  - [n/a] CI Templates
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- [n/a] Security reports checked/validated by reviewer
Edited by Takuya Noguchi