
FIPS compliant Secret Detection template

Why are we doing this work

FIPS compliance is a requirement for the US Govt to utilize a piece of software. It is required for any FISMA or FedRAMP system, and cannot be waived.

In order for GitLab to be directly usable within the US Govt, we need to be compliant.

Relevant links

  • FIPS 140-2 Compliant GitLab
  • Sec section FIPS Compliance (Secure and Protect)
  • Predefined CI variable to indicate FIPS mode for security analyzers

Non-functional requirements

  • Documentation:
  • Testing:

Implementation plan

Template change consensus reached here

When FIPS mode is enabled in GitLab, the template should automatically use the FIPS version of the analyzer image. This will occur through a new variable, _VERSION_TAG, appended to the image tag. The rules of the job will set _VERSION_TAG to -fips when the predefined variable CI_GITLAB_FIPS_MODE is set to 'true', and leave it empty otherwise.
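The following CI job fragment is an added illustration of the plan above, not the merged GitLab template. It assumes the conventions of the existing Secret Detection template (`SECURE_ANALYZERS_PREFIX`, `SECRETS_ANALYZER_VERSION`, `SECRET_DETECTION_DISABLED`); the analyzer version number is a placeholder, and `ANALYZER_VERSION_TAG` is a hypothetical stand-in for the issue's `_VERSION_TAG` variable, whose full name is not given here.

```yaml
# Added example (not the merged GitLab template). Assumed names:
#   SECURE_ANALYZERS_PREFIX, SECRETS_ANALYZER_VERSION, SECRET_DETECTION_DISABLED
#   follow the existing Secret Detection template; ANALYZER_VERSION_TAG stands in
#   for the issue's "_VERSION_TAG"; the version number is a placeholder.
secret_detection:
  stage: test
  variables:
    SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/security-products"
    SECRETS_ANALYZER_VERSION: "4"
    # Job-level default: an empty suffix selects the standard (non-FIPS) tag.
    ANALYZER_VERSION_TAG: ""
  image:
    # Resolves to ...secrets:4 normally and ...secrets:4-fips in FIPS mode.
    name: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION$ANALYZER_VERSION_TAG"
  script:
    - /analyzer run
  rules:
    # Explicit opt-out keeps working regardless of FIPS mode.
    - if: $SECRET_DETECTION_DISABLED
      when: never
    # GitLab evaluates rules first-match, so the FIPS rule must precede the
    # generic rule; a rules-level `variables:` entry overrides the job default.
    - if: $CI_GITLAB_FIPS_MODE == "true"
      variables:
        ANALYZER_VERSION_TAG: "-fips"
    - if: $CI_COMMIT_BRANCH
```

Two points worth checking when reviewing a change like this: the FIPS rule has to sit above any catch-all rule, because the first matching rule wins and a later `variables:` override would never be applied; and the job-level default for the tag variable must be the empty string, so that instances without FIPS mode (where `CI_GITLAB_FIPS_MODE` is unset) still resolve to the plain image tag. The pulled image reference in the job log is the quickest way to confirm which variant actually ran.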

Edited Apr 15, 2022 by Lucas Charles