Spike: Add a push check that performs secret detection
Context
As part of discovery work for #422574 (closed), add a new push check to Rails which gets invoked by Gitaly whenever a user attempts to push commits to a repository.
Proposal
The aim of the spike is to determine:
- what the user interaction looks like -- are we able to define an error message that a user would then be able to see as the output of a failed `git push` invocation?
- if the outcome of #423832 (closed) suggests we use a Go implementation, the best way of shipping a new Go binary with a GitLab installation and invoking it from Rails.
- how false positives should be handled. Two options are proposed, but using a special flag in the commit message seems like the ideal approach for forcing a push containing secrets to succeed.
Push check classes in Rails seem to be located here.
Additional Considerations
- After we complete these two spikes, we'd like to be able to give a high confidence estimate on when we'd be able to deliver Perform secret detection for highest risk conte... (#422574 - closed)
- We'll look to set up a stage-wide brainstorming session in %16.5 to review/discuss the decisions we made as well as any lessons learned.
Auto-Summary
- TOPIC User interaction in push checks #423834 (comment 1553607364)
- TOPIC Shipping a Go binary in the monolith, and how to invoke it? #423834 (comment 1553607998)
- TOPIC Handling false positives #423834 (comment 1553609088)
- TOPIC Follow-up - determine performance SLA requirements for adding pre-receive secret detection #423834 (comment 1581254467)
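A sketch of the check the proposal describes, added here as an example and not taken from GitLab's code base: it scans the text added by each pushed commit, builds the rejection message a user would see when `git push` fails, and lets a commit-message flag override a false positive. The module, the rule set, the sample push and the flag `[skip secret detection]` are all assumptions made for illustration, as is applying the override per commit.

```ruby
# Added illustration, not GitLab code. Every name here is hypothetical.
module SecretPushCheck
  SKIP_FLAG = '[skip secret detection]' # hypothetical override flag
  RULES = {                             # constructed, deliberately small rule set
    'AWS access key ID' => /\bAKIA[0-9A-Z]{16}\b/,
    'private key block' => /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/
  }.freeze
  Finding = Struct.new(:rule, :sha, :path, :line, :overridden)
  Result  = Struct.new(:allowed, :message, :findings)

  # commits: [{ sha:, message:, files: { path => added text } }]
  def self.scan(commits)
    commits.flat_map do |c|
      skip = c[:message].include?(SKIP_FLAG)
      c[:files].flat_map do |path, text|
        text.each_line.with_index(1).flat_map do |line, no|
          RULES.select { |_, re| line.match?(re) }.keys
               .map { |rule| Finding.new(rule, c[:sha], path, no, skip) }
        end
      end
    end
  end

  # Returns the decision plus the text a hook would print on rejection.
  # The message names rule and location only; it never echoes the matched
  # value, so the secret is not copied into terminals or CI logs.
  def self.check(commits)
    findings = scan(commits)
    blocking = findings.reject(&:overridden)
    return Result.new(true, nil, findings) if blocking.empty?
    rows = blocking.map { |f| "  #{f.rule} in #{f.path}:#{f.line} (commit #{f.sha[0, 8]})" }
    msg = ['PUSH BLOCKED: possible secrets detected', *rows,
           "False positive? Add #{SKIP_FLAG} to that commit's message and push again."]
    Result.new(false, msg.join("\n"), findings)
  end
end

# Constructed sample push: one commit adds the AWS documentation example key.
SAMPLE_PUSH = [
  { sha: 'a' * 40, message: 'Add deploy config',
    files: { 'config/deploy.yml' => "region: eu-west-1\nkey: AKIAIOSFODNN7EXAMPLE\n" } },
  { sha: 'b' * 40, message: 'Update README', files: { 'README.md' => "# Demo\n" } }
].freeze

if __FILE__ == $PROGRAM_NAME
  result = SecretPushCheck.check(SAMPLE_PUSH)
  puts result.message unless result.allowed
end
```

Overridden findings stay in the result, so a push that was forced through can still be logged for review.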