[MR Button] Enabling Secret Detection in the UI
Problem to solve
Currently, all enabling of Secret Detection has to take place outside of the Security & Compliance area (through files while referencing docs for instructions). Building off the configuration UI work we've done for SAST, we want to do the same for Secret Detection. This includes enabling Secret Detection from the UI, and, later (in a separate issue), we'll explore offering a configuration UI.
Intended users
User experience goal
- User can easily enable Secret Detection from within the UI (without instructions in the docs)
Proposal
- Add "Enable via Merge Request" button to Security & Compliance > Configuration page for Secret Detection
- Button goes to an MR which shows the addition of the Secret Detection yml file to the project
- After successful pipeline run, the status of Secret Detection on the Configuration page changes from
Not enabled
toEnable
and the button is no longer there
Before enabling Secret Detection | After Secret Detection template has been successfully added |
---|---|
![]() |
![]() |
Documentation
What does success look like, and how can we measure that?
JTBD
- When I'm enabling Secret Detection, I want the ability to do so from within the UI so that I don't have to read a lot of documentation and go through several tedious steps to get it setup.
Links / references
Spreadsheet with breakdown of variables
SAST & Secrets: Competitive Analysis (Mural)
Example of Secret Detection yml file (default state)
Edited by Taylor McCaslin