Docs tutorial: Pipeline secret detection
Problem: Developers can easily commit to a Git repository sensitive information - for example, private SSH keys and tokens. Misuse of this information can result in severe consequences for any organization.
Solution: Provide an end-to-end tutorial of how sensitive information is detected by pipeline secret detection, and what to do afterward.
Outline:
- Create new project.
- Enable Secret Detection.
- Commit a simple change (without any sensitive information).
- Add sensitive information to the README file.
- Commit the change and create a merge request.
- View the details of the MR pipeline, which details the secret.
- Remove the sensitive information from the README file.
- Re-run the MR pipeline.
Edited by Russell Dickenson