Move secret detection into its own vendored template
Problem to solve
As it stands today, secrets detection is enabled as part of the SAST vendored template. However, secret detection is a separate feature category and has an emerging roadmap. Keeping these two features coupled through the vendored template will be a limiting factor and we should move secret detection into its own vendored template sooner rather than later.
- Rachel (Release Manager)
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Sidney (Systems Administrator)
- Sam (Security Analyst)
- Create a new vendored template dedicated to the secret detection feature category.
- Remove Secret Detection from the SAST vendored template.
- Create a new report type for secret detection
- Add Secret Detection vendored template to the AutoDevops Template
- Check how telemetry/usage ping works for tracking Security job usage and ensure it tracks this new secret template
Permissions and Security
- New page likely at https://docs.gitlab.com/ee/user/application_security/secret_detection
- Move content from existing section to this page
- I expect we'll want to make edits that talk about the vendored template, and generally about how secret detection works.
Availability & Testing
- This is a breaking change. Previous users of the SAST vendored template will no longer get Secret Detection from that one include.
- Integration tests need to be updated.