
Update gitleaks secret detection to v2

Problem to solve

Our ~"secret detection" analyzer currently depends on gitleaks as one of the underlying tools. We should update gitleaks to the latest version, from the current v1.24.0 to v2.

Intended users

Persona: Software developer

Further details

Proposal

This involves a couple of breaking changes we should address, including the deprecation of our entropy ENV flag. It also means we should now support either a user-provided TOML config, or fall back to one we package ourselves.

Changes: https://github.com/zricethezav/gitleaks/compare/v1.24.0...v2.0.0?expand=1

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

GitLab Ultimate

Links / references

Edited Jul 15, 2019 by Lucas Charles