Secret Detection docs should make it clear which commits are scanned
Problem to solve
Secret detection scanning behavior can depend on the pipeline config and whether SECRET_DETECTION_HISTORIC_SCAN. We should make it super clear which commits are scanned under which circumstances.
Further details
- I wasn't sure about whether this comment was correct (scanning only one commit) and couldn't find an unambiguous statement: #357453 (comment 896778057)
- Confusion around which commits were scanned in MR pipelines came up in this recent issue: #356093 (comment 884585255)
- Slack thread (team members only) surfaced customer confusion about behavior
Proposal
Add a section, or edit existing content, that explicitly addresses the question, "Which commits are scanned in a Secret Detection job?"
This section should link to related config options.
Who can address the issue
Need a technical summary from Category:Secret Detection expert. After that, anyone can address the documentation issue.
Other links/references
Edited by Connor Gilbert