Version Secret Detection Rules to support rolling refinement
Proposal
As discussed in our Looking Forward agenda (GitLab internal), we should consider versioning our Category:Secret Detection rules to better allow future refinement.
By leveraging autoresolution we should instead treat all rules as idempotent.
Addendum: one downside to this change is that we will break tracking across pattern refinements. While establishing guidance we should decide whether we should treat all rules as immutable or whether minor improvements should be considered. Perhaps this approach should only be reserved for significant rule refactors?
Implementation
- backend Enable automatic vulnerability resolution for Category:Secret Detection
- backend Update guidance for adding new rules to include versioning: identifier: "Meta access token" => identifier: "Meta access token v2"
- backend [Consider] Update guidance to no longer modify existing patterns, only remove old and add new (see above "Addendum")
We should not update identifiers of existing rules as that will break existing mappings
Edited by Lucas Charles
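The trade-off between the proposal and its addendum, as an added example that is not part of the original issue or GitLab's code: a simplified model in which any finding absent from the latest scan is auto-resolved. The regexes, file contents and function names are constructed for illustration; only the two identifiers come from the issue.

```python
import re

# Identifiers follow the issue's naming. The patterns are hypothetical
# stand-ins, not GitLab's real Secret Detection rules.
RULES_V1 = {"Meta access token": re.compile(r"EAA[0-9A-Za-z]+")}
RULES_V2 = {"Meta access token v2": re.compile(r"\bEAA[0-9A-Za-z]{20,}\b")}

# Constructed repository content: one token-shaped value, one false positive.
REPO = {
    "config/app.env": "META_TOKEN=EAAb1C2d3E4f5G6h7I8j9K0lMnOp",
    "docs/notes.md": "see ticket EAA42 for details",
}


def scan(rules, files):
    """Return the set of (identifier, path) findings for one pipeline run."""
    return {
        (identifier, path)
        for identifier, pattern in rules.items()
        for path, text in files.items()
        if pattern.search(text)
    }


def ingest(vulns, findings):
    """Assumed autoresolution model: records missing from the latest scan
    are resolved; everything the scan reports is (re)opened as detected."""
    for key in vulns:
        if key not in findings:
            vulns[key] = "resolved"
    for key in findings:
        vulns[key] = "detected"
    return vulns


def run():
    """Scan once with the v1 rule, then again after it is replaced by v2."""
    vulns = {}
    ingest(vulns, scan(RULES_V1, REPO))
    ingest(vulns, scan(RULES_V2, REPO))
    return vulns


if __name__ == "__main__":
    for (identifier, path), state in sorted(run().items()):
        print(f"{state:9} {identifier:22} {path}")
```

The false positive in docs/notes.md is resolved without manual triage, which is the refinement the proposal wants. The real token in config/app.env ends up as two unrelated records, a resolved v1 and a newly detected v2, which is the tracking break the addendum describes.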