Refactor secrets analyzer in preparation for gitleaks v8
Proposal
Gitleaks v8 is coming. It's a massive speed improvement that comes through a simplification of the scanner itself. As such, there will need to be large changes to the secrets analyzer to prepare it for the new version.
Tasks
- Update analyzer code to support gitleaks v8
Activity
- Thomas Woodham changed milestone to %14.6
- Thomas Woodham added Category:Secret Detection backend devopssecure groupstatic analysis sectionsec workflowplanning breakdown + 1 deleted label
- Thomas Woodham mentioned in issue #345171 (closed)
- Rémy Coutable added typefeature label and removed 1 deleted label
- Russell Dickenson added documentation label
- Maintainer
I've added the documentation label to this issue so that I can keep track of it, also to flag that it will require associated documentation changes. As it's at workflowplanning breakdown stage, no documentation changes are yet required. When it moves to workflowdesign I'd like to consider the documentation requirements.
- Russell Dickenson added Technical Writing label
- Russell Dickenson removed Technical Writing label
- Zach Rice changed the description
- Zach Rice added workflowin dev label and removed workflowplanning breakdown label
- Thomas Woodham added Deliverable label
- Zach Rice set weight to 5
- Zach Rice mentioned in merge request gitlab-org/security-products/analyzers/secrets!127 (merged)
- Taylor McCaslin mentioned in merge request gitlab-com/www-gitlab-com!95476 (merged)
- Maintainer
Due to a bug raised by a customer, gitlab-org/security-products/analyzers/secrets!127 (comment 784660428) was reverted for now.
- Zach Rice mentioned in merge request gitlab-org/security-products/analyzers/secrets!129 (merged)
- Zach Rice added workflowproduction label and removed workflowin dev label
- Zach Rice marked the checklist item Update analyzer code to support gitleaks v8 as completed
Closing this issue. #348984 (closed) is a related follow-up
- Contributor
@zrice I'm not sure if this is the right place to ask but there is a `,` between the text and the link in the release page resulting in broken markdown: https://about.gitlab.com/releases/gitlab-com/
[Gitleaks],(https://github.com/zricethezav/gitleaks) to the next major version:
- Maintainer
@kelteseth thanks for the report! Looks like this has been fixed with gitlab-com/www-gitlab-com@7c33175d
- Zach Rice closed
- 🤖 GitLab Bot 🤖 mentioned in issue gitlab-org/quality/triage-reports#5804 (closed)
- Taylor McCaslin mentioned in merge request gitlab-com/www-gitlab-com!96791 (closed)