Report violations for projects not having secret push protection
We want to track projects that don't have secret push protection enabled. A violation should be created for all projects we monitor, whether or not they're product projects.
Implementation plan
- Expose the setting in the GitLab API: Expose pre_receive_secret_detection_enabled in ... (gitlab-org/gitlab!160960 - merged)
- Update the go-gitlab library we use in GIB to have access to the new field: https://github.com/xanzy/go-gitlab/pull/1984 + https://github.com/xanzy/go-gitlab/pull/1989
- Wait for go-gitlab to release a new version: (pinned to commit until new version is released)
- Update the dependency in GIB: !253 (diffs)
- Write the rule to report a violation when the setting is false: Report Secret Push Protection not enabled (!253 - merged)
Edited by Philippe Lafoucrière
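
The rule from the last step of the plan, written out as an added example (not GIB's code and not part of the original issue): it reads `pre_receive_secret_detection_enabled` from project JSON and reports every monitored project where it is false. The `Project` and `Violation` types, the reason strings, the sample data, and the choice to also report a project whose response lacks the field are assumptions made here.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Project holds only the fields this rule needs from a GitLab project API
// response. The pointer separates an explicit false from an absent field.
type Project struct {
	Path                 string `json:"path_with_namespace"`
	SecretPushProtection *bool  `json:"pre_receive_secret_detection_enabled"`
}

// Violation and the reason strings are hypothetical names for this example.
type Violation struct{ Project, Reason string }

const (
	ReasonDisabled = "secret push protection is disabled"
	ReasonMissing  = "setting missing from API response" // assumption: reported, not skipped
)

// CheckSecretPushProtection decodes a JSON array of projects and returns one
// violation per failing project. There is no product/non-product filter.
func CheckSecretPushProtection(data []byte) ([]Violation, error) {
	var ps []Project
	if err := json.Unmarshal(data, &ps); err != nil {
		return nil, err
	}
	var out []Violation
	for _, p := range ps {
		if p.SecretPushProtection == nil {
			out = append(out, Violation{p.Path, ReasonMissing})
		} else if !*p.SecretPushProtection {
			out = append(out, Violation{p.Path, ReasonDisabled})
		}
	}
	return out, nil
}

// sampleJSON is constructed sample data, not output from a real instance.
const sampleJSON = `[{"path_with_namespace":"example-group/api","pre_receive_secret_detection_enabled":false},
 {"path_with_namespace":"example-group/web","pre_receive_secret_detection_enabled":true},
 {"path_with_namespace":"example-group/legacy"}]`

func main() {
	vs, err := CheckSecretPushProtection([]byte(sampleJSON))
	fmt.Println(vs, err)
}
```

Decoding into a plain `bool` would make an absent field indistinguishable from `false`, so a response that lacks the field would be reported as disabled rather than flagged as unknown.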