Run secret detection only on source code
Build Variables:
-
Use Contentful Preview API
Step 1: What is changing in this MR?
- Make secret detection run right away, without restoring build artifacts like
node_modules
(https://gitlab.com/gitlab-com/marketing/digital-experience/buyer-experience/-/security/vulnerability_report has a lot of false positives detected in this folder, and there's nothing the developers can do about it). - Make secret detection run in Merge Requests too (this is necessary to scan ALL commits of a Merge Request for secrets)
Production | Review app |
---|---|
https://about.gitlab.com/ | WIP |
Step 2: Ensure that your changes comply with the following, where applicable:
-
I, the Assignee, have run Axe tools on any updated pages, and fixed the relevant accessibility issues. -
These changes work on both Safari, Chrome, and Firefox. -
These changes have been reviewed for Visual Quality Assurance and Functional Quality Assurance on Mobile, Desktop, and Tablet. -
These changes work with our Google Analytics and SEO tools. -
These changes have been documented as expected.
Step 3: Ensure that your changes don't cause regressions on key pages, where applicable:
refs https://gitlab.com/gitlab-com/marketing/digital-experience/buyer-experience/-/issues/3865
Edited by Philippe Lafoucrière