Add secret detection to pipeline

Marcel Amirault requested to merge add-secret-detection-job into main

As discussed recently in Slack, leaking secrets can be a big problem for GitLab (internal only: https://gitlab.slack.com/archives/C0259241C/p1658999483101359).

We should run the secrets detection job to try to help detect leaks and prevent them from being used maliciously.

Along with adding the secrets detection job, this MR overrides the rules to make it run in MR pipelines (the default pipeline for the gitlab-docs project), as per https://docs.gitlab.com/ee/user/application_security/#use-security-scanning-tools-with-merge-request-pipelines. The current rules are here: https://gitlab.com/gitlab-org/gitlab/-/blob/67eb268743d8ad764eb2574389a1a7e45d0977d3/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml#L30-L33, and this adds the recommended extra rule to make the job run in MR pipelines too.
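For reference, an added example of what such a `.gitlab-ci.yml` change looks like (this is an illustration written for this page, not the diff of this MR): it includes the Secret-Detection template named above and overrides the `secret_detection` job's `rules` so the job runs in merge request pipelines as well as branch pipelines. The variables used (`SECRET_DETECTION_DISABLED`, `CI_PIPELINE_SOURCE`, `CI_COMMIT_BRANCH`, `CI_OPEN_MERGE_REQUESTS`) are GitLab predefined or template-documented CI/CD variables; the exact ordering of the rules is an assumption following the linked docs page, not necessarily what this MR merged.

```yaml
# Added example, not the MR's own diff: include the Secret Detection
# template and override the job's rules to cover MR pipelines.
include:
  - template: Jobs/Secret-Detection.gitlab-ci.yml

secret_detection:
  rules:
    # Keep the template's opt-out switch so the job can still be disabled.
    - if: $SECRET_DETECTION_DISABLED
      when: never
    # Run in merge request pipelines (the default for gitlab-docs).
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    # Do not also run a branch pipeline for a branch that has an open MR,
    # which would scan the same commit twice.
    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
      when: never
    # Otherwise keep the template's behaviour of running on branch pipelines,
    # e.g. pushes to the default branch after merge.
    - if: $CI_COMMIT_BRANCH
```

Overriding `rules` on the job replaces the template's whole `rules` list rather than appending to it, which is why the opt-out and branch rules are restated here instead of only adding the MR-pipeline line.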

It shows up in the MR widget, as you can see below by selecting Expand in the Security scanning section.

Edited by Marcel Amirault