Secret Detection Deprecation: Certain configuration variables
Deprecation Summary
To make it simpler and more reliable to customize GitLab Secret Detection, we're deprecating some of the variables that you could previously set in your CI/CD configuration.
The following variables currently allow you to customize the options for historical scanning, but interact poorly with the GitLab-managed CI/CD template and are now deprecated:
- SECRET_DETECTION_COMMIT_FROM
- SECRET_DETECTION_COMMIT_TO
- SECRET_DETECTION_COMMITS
- SECRET_DETECTION_COMMITS_FILE
The SECRET_DETECTION_ENTROPY_LEVEL variable previously allowed you to configure rules that only considered the entropy level of strings in your codebase, and is now deprecated.
This type of entropy-only rule created an unacceptable number of incorrect results (false positives) and is no longer supported.
In GitLab 15.0, we'll update the Secret Detection analyzer to ignore these deprecated options.
You'll still be able to configure historical scanning of your commit history by setting the SECRET_DETECTION_HISTORIC_SCAN CI/CD variable.
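An added example, not part of the original issue and not GitLab's own tooling: a small checker that reports where a CI/CD configuration still sets the deprecated variables listed above. The sample configuration, the function name `audit_ci_config` and the advice strings are constructed for illustration.

```python
import re

# Variable names come from the deprecation notice; the advice text paraphrases it.
COMMIT_ADVICE = "no replacement; SECRET_DETECTION_HISTORIC_SCAN still enables historical scanning"
DEPRECATED = {
    "SECRET_DETECTION_COMMIT_FROM": COMMIT_ADVICE,
    "SECRET_DETECTION_COMMIT_TO": COMMIT_ADVICE,
    "SECRET_DETECTION_COMMITS": COMMIT_ADVICE,
    "SECRET_DETECTION_COMMITS_FILE": COMMIT_ADVICE,
    "SECRET_DETECTION_ENTROPY_LEVEL": "entropy-only rules are no longer supported; remove",
}
# Report a name only where it is set: a YAML key ("NAME:") or a shell assignment ("NAME=").
SET_RE = re.compile(r"\b(%s)\b(?=\s*[:=])" % "|".join(map(re.escape, DEPRECATED)))
HISTORIC_RE = re.compile(r"\bSECRET_DETECTION_HISTORIC_SCAN\b(?=\s*[:=])")
# Simplification: treats any "#" at line start or after whitespace as a YAML comment.
COMMENT_RE = re.compile(r"(^|\s)#.*$")


def audit_ci_config(text):
    """Return (findings, historic_scan_set); findings are (line_no, name, advice)."""
    findings, historic = [], False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = COMMENT_RE.sub("", raw)  # ignore commented-out settings
        if HISTORIC_RE.search(line):
            historic = True
        for match in SET_RE.finditer(line):
            name = match.group(1)
            findings.append((line_no, name, DEPRECATED[name]))
    return findings, historic


# Constructed sample .gitlab-ci.yml content (not taken from a real project).
SAMPLE_CI = """\
include:
  - template: Security/Secret-Detection.gitlab-ci.yml

variables:
  SECRET_DETECTION_ENTROPY_LEVEL: "4.5"   # entropy-only rule
  # SECRET_DETECTION_COMMITS: "abc123"    (commented out, not reported)

secret_detection:
  variables:
    SECRET_DETECTION_COMMIT_FROM: "1111111"
    SECRET_DETECTION_COMMITS_FILE: "commits.txt"
"""

if __name__ == "__main__":
    found, historic_set = audit_ci_config(SAMPLE_CI)
    for line_no, name, advice in found:
        print(f"line {line_no}: {name} is deprecated ({advice})")
    print("SECRET_DETECTION_HISTORIC_SCAN set:", historic_set)
```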
Breaking Change
There is no replacement for the removed variables. Please comment on this issue if you have a use case for them that isn't handled by other Secret Detection options.
Affected Topology
All deployment types (SaaS and self-managed) are affected.
Affected Tier
All tiers (GitLab Free, GitLab Premium, GitLab Ultimate) are affected.
Checklist
- Mention your stage's stable counterparts on this issue. For example, Customer Support, Customer Success (Technical Account Manager), Product Marketing Manager.
  - To see who the stable counterparts are for a product team visit product categories
    - If there is no stable counterpart listed for Sales/CS please mention @timtams
    - If there is no stable counterpart listed for Support please mention @gitlab-com/support/managers
    - If there is no stable counterpart listed for Marketing please mention @cfoster3
- Mention your GPM so that they are aware of planned deprecations. The goal is to have reviews happen at least two releases before the final removal of the feature or introduction of a breaking change.
- Customer Success stable counterparts: @bmiller1, @brianwald, @chloe
- Support stable counterpart: @greg
- Marketing stable counterpart: @cblake2000
- Director, Product Management: @hbenson
Note: Required and optional reviewers were already @-mentioned on the Deprecation MR (!80474 (merged)).
Deprecation Milestone
Planned Removal Milestone
Links
#350660 (closed) #350573 (closed)
Deprecation Announcement: