Update Secret Detection scan to find GitLab Personal Access Tokens and Project Access Tokens
Problem to solve
- Add regex for detecting GitLab Personal Access Tokens
- (Potentially) auto-revoke tokens, see programmatically revoking tokens
The format is not very unique for personal access tokens, so we must either use lookaround or we should consider a post-analyze step similar to https://gitlab.com/gitlab-org/secure/vulnerability-research/awesomesauce/-/issues/11 to verify secrets.
Update Category:Secret Detection docs to include GitLab tokens
What is the type of buyer?
All GitLab users leveraging Secret Detection