Move secret detection into its own vendored template

Problem to solve

As it stands today, secret detection is enabled as part of the SAST vendored template. However, secret detection is a separate feature category and has an emerging roadmap. Keeping these two features coupled through the vendored template will be a limiting factor, and we should move secret detection into its own vendored template sooner rather than later.

Intended users

Further details

Proposal

  • Create a new vendored template dedicated to the secret detection feature category.
  • Remove Secret Detection from the SAST vendored template.
  • Create a new report type for secret detection.
  • Add the Secret Detection vendored template to the Auto DevOps template.
  • Check how telemetry/usage ping works for tracking Security job usage and ensure it tracks this new secret detection template.

Permissions and Security

Documentation

Availability & Testing

  • This is a breaking change. Previous users of the SAST vendored template will no longer get Secret Detection from that one include.
  • Integration tests need to be updated.

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references

Edited by Taylor McCaslin
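
The breaking change noted under Availability & Testing can be audited ahead of the split. The following is an added example, not code from the issue or from GitLab: it flags pipeline files that include the SAST template but would no longer get secret detection. The template paths and the sample files are assumptions, since the issue does not name the new template file.

```python
import re

# Assumed template paths; the issue does not name the new template file.
SAST = "Security/SAST.gitlab-ci.yml"
SECRET_DETECTION = "Security/Secret-Detection.gitlab-ci.yml"
AUTO_DEVOPS = "Auto-DevOps.gitlab-ci.yml"  # proposal: this will include both

# Matches `template: X`, quoted or not, in block or inline ({...}) YAML form.
TEMPLATE_RE = re.compile(r"""\btemplate:\s*['"]?([^\s'"#,}\]]+)""")


def included_templates(ci_yaml):
    """Return every `template:` value, skipping commented-out text."""
    found = set()
    for line in ci_yaml.splitlines():
        active = line.split("#", 1)[0]  # drop trailing or full-line comments
        found.update(TEMPLATE_RE.findall(active))
    return found


def loses_secret_detection(ci_yaml):
    """True when SAST is included but nothing brings in secret detection."""
    templates = included_templates(ci_yaml)
    if SECRET_DETECTION in templates or AUTO_DEVOPS in templates:
        return False
    return SAST in templates


# Constructed sample pipeline files (not taken from any real project).
SAMPLES = {
    "sast-only.yml": "include:\n  - template: Security/SAST.gitlab-ci.yml\n",
    "commented-out.yml": (
        "include:\n"
        "  - template: 'Security/SAST.gitlab-ci.yml'\n"
        "  # - template: Security/Secret-Detection.gitlab-ci.yml\n"
    ),
    "migrated.yml": (
        "include:\n"
        "  - template: Security/SAST.gitlab-ci.yml\n"
        "  - template: Security/Secret-Detection.gitlab-ci.yml\n"
    ),
    "auto-devops.yml": "include: {template: Auto-DevOps.gitlab-ci.yml}\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        status = "NEEDS SECRET DETECTION INCLUDE" if loses_secret_detection(text) else "ok"
        print(f"{name}: {status}")
```

The check reads `template:` keys line by line rather than parsing YAML, so templates pulled in through nested `include:` files in other repositories are not followed.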