Secret Detection Job in SAST failing due to unshallow commit
Summary
A customer has reported that they started to getting errors similar to this in the secret_detection job for SAST recently:
fatal: error in object: unshallow 68b5e4c87afc13ce8e4103153a8a375211c62e24Example Project
Please see Zendesk ticket (internal link only) from the customer for the links to the jobs that failed.
What is the current bug behavior?
Secret detection job fails with a git failure.
What is the expected correct behavior?
Secret detection job passes or fails based on results from the secret detection job.
Relevant logs and/or screenshots
Please see Zendesk ticket (internal link only) from the customer for the links to the jobs that failed.
Output of checks
This bug happens on GitLab.com.
Version deployed on GitLab.com: GitLab Enterprise Edition 14.8.0-pre 9fc9b1b4
Possible fixes
Checking the commit history on the secret_detection job, we found that the Update secret detection template to be more robust (!78321 - merged) MR was merged slightly before the customer observed any issues.
The description in the MR states:
This MR introduces dynamic git fetching which only fetches commits that should be scanned by the secret detection analyzer. So it appears to be relevant to this situation.
Furthermore, commit 68b5e4c87afc13ce8e4103153a8a375211c62e24 in the example above was a merge commit, which might also be relevant.
Workarounds
The customer was able to work around this issue by increasing the GIT_DEPTH of the secret detection job.
.secret-analyzer:
variables:
GIT_DEPTH: 100