Include scanning the wiki for secrets
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Release notes
Wikis can oftentimes be used for storing instructions on how to do particular administrative tasks, which is to say that wikis can be used to inappropriately store passwords and other secrets. This release offers the ability to include wikis in Secret Detection via our Secret Detection YAML file to ensure that users do not accidentally store secrets in the wiki repo.
Problem to solve
Wikis are not checked out in our Secret Detection YAML template to look for secrets.
Intended users
Make looking for secrets in wikis as intuitive as possible.
Proposal
-
Grant the ability for the wiki Git repository to be checked out via the same mechanism that the Product Git Repository is able to be checked out: the CI Job Token #329866 (closed) -
Trigger pipelines upon commits to the wiki #333173 -
Include scanning the wiki repository (when it exists) in the Secret Detection YAML (This Issue)
Further details
Permissions and Security
Documentation
Availability & Testing
Available Tier
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.