Eliminate Secret detection rules from sast-rules repository
Problems to solve
Duplication: Many SAST tools ship with secret detection patterns, so when both secret detection and SAST are enabled the same hardcoded credential is reported twice. For this class of pattern, secret detection is the better tool: a credential literal looks the same regardless of the host language, and because secret detection is language-agnostic a single pattern covers every language instead of having to be rewritten in each language-specific rule set.
Translation/Migration effort: Until now, when we translated patterns from FOSS tools to semgrep, we tried to minimize the gaps between the original SAST tool and the corresponding rule set. Secret detection rules were part of this process, so we spent time translating rules we could have skipped in the first place. For future transitions we can adapt the approach and ignore secret detection rules altogether.
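To make the duplication problem concrete, here is an added example (written for this issue, not code from sast-rules, semgrep or GitLab Secret Detection) that scans a few constructed source files with one language-agnostic secret pattern and with three per-language "SAST-style" rules that re-encode the same pattern inside each language's assignment syntax. The rule ids, file contents and key value are made up; the key shape (AKIA followed by 16 uppercase alphanumerics) is the documented AWS access key ID format. The example shows both halves of the point above: every hit from the per-language rules is also reported by the single secret-detection pattern (a duplicate finding when both scanners run), and a file in a language with no per-language rule is still caught by the language-agnostic one.

```python
import os
import re
from typing import Dict, List, Set, Tuple

# Constructed sample files; the key value is a made-up example, not a real credential.
SAMPLE_FILES: Dict[str, str] = {
    "app.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\nprint(AWS_KEY)\n',
    "main.go": 'package main\nconst awsKey = "AKIAIOSFODNN7EXAMPLE"\n',
    "App.java": 'class App { static final String KEY = "AKIAIOSFODNN7EXAMPLE"; }\n',
    # No per-language rule exists for Ruby below, so only secret detection sees this one.
    "config.rb": 'KEY = "AKIAIOSFODNN7EXAMPLE"\n',
}

# One language-agnostic secret-detection pattern (rule id is illustrative).
SECRET_PATTERNS: Dict[str, re.Pattern] = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Per-language SAST-style rules that each re-encode the same literal inside
# language-specific syntax. Illustrative ids, not rules from sast-rules.
SAST_STYLE_RULES: Dict[str, Tuple[str, re.Pattern]] = {
    ".py": ("python-hardcoded-aws-key",
            re.compile(r'\w+\s*=\s*"AKIA[0-9A-Z]{16}"')),
    ".go": ("go-hardcoded-aws-key",
            re.compile(r'(?:const|var)\s+\w+\s*=\s*"AKIA[0-9A-Z]{16}"')),
    ".java": ("java-hardcoded-aws-key",
              re.compile(r'String\s+\w+\s*=\s*"AKIA[0-9A-Z]{16}"')),
}

Finding = Tuple[str, int, str]  # (path, 1-based line number, rule id)


def scan_secret_detection(files: Dict[str, str]) -> List[Finding]:
    """Apply every secret pattern to every line of every file, ignoring language."""
    findings: List[Finding] = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule_id, pattern in SECRET_PATTERNS.items():
                if pattern.search(line):
                    findings.append((path, lineno, rule_id))
    return findings


def scan_sast_style(files: Dict[str, str]) -> List[Finding]:
    """Apply only the rule registered for each file's language, if any."""
    findings: List[Finding] = []
    for path, text in files.items():
        rule = SAST_STYLE_RULES.get(os.path.splitext(path)[1])
        if rule is None:
            continue  # language not covered: the secret goes unreported here
        rule_id, pattern = rule
        for lineno, line in enumerate(text.splitlines(), start=1):
            if pattern.search(line):
                findings.append((path, lineno, rule_id))
    return findings


def duplicate_findings(files: Dict[str, str]) -> Set[Tuple[str, int]]:
    """Locations reported by both scanners, i.e. what a user sees twice."""
    secret_hits = {(p, n) for p, n, _ in scan_secret_detection(files)}
    sast_hits = {(p, n) for p, n, _ in scan_sast_style(files)}
    return secret_hits & sast_hits


if __name__ == "__main__":
    print("secret detection :", scan_secret_detection(SAMPLE_FILES))
    print("per-language SAST:", scan_sast_style(SAMPLE_FILES))
    print("reported twice   :", sorted(duplicate_findings(SAMPLE_FILES)))
    print("patterns to maintain: 1 secret-detection vs",
          len(SAST_STYLE_RULES), "language-specific")
```

Every location the three per-language rules report is also in the secret-detection output, which is the duplicate-finding problem; the Ruby file is caught only by the language-agnostic pattern, which is the coverage argument for keeping such patterns out of sast-rules.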
Proposal
Eliminate all secret detection rules from https://gitlab.com/gitlab-org/secure/gsoc-sast-vulnerability-rules/playground/sast-rules to clearly separate between secret detection and SAST patterns.
Intended users
Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.