Create a new gem

Problem to solve

From the parent epic:

To perform regex matching on git blobs that may include secrets, we plan to create a small Ruby library/gem that will be included as a dependency in GitLab main codebase (gitlab-org/gitlab). This dependency will accept one or more git blobs, match them against a defined ruleset of regular expressions (based on gitleaks.toml used by secrets analyzer), and return scan results.

Why a gem and not directly in gitlab-org/gitlab's /lib folder?

Well, a few things: having this included directly in gitlab-org/gitlab defeats the purpose of continuous secret detection, which aims to increase secret detection coverage outside of the CI/CD pipeline context. Additionally, the aim here is to build a self-contained library (similar to Hush (internal only), or this POC (internal only) extracted from it) that accepts code in the form of blobs and returns scan results.

Moreover, not using a gem will increase tight coupling and will make it hard to re-use the code elsewhere if it is only part of the gitlab-org/gitlab codebase. For more on this point, please make sure to read about the advantages of using gems, and the pros/cons of having it inside the same repository vs. an external repository.

To state it explicitly: at the end of this Issue, we expect to have a gem that does nothing. The functionality will be implemented in future Issues.
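To make the intended flow concrete (blobs in, a ruleset of regular expressions applied, scan results out), here is an added Ruby sketch that is not the gem's code and not part of this Issue's deliverable. The rule fields mirror a gitleaks.toml `[[rules]]` entry (id, description, regex, keywords) but are constructed inline rather than parsed from TOML, and the regexes are simplified illustrations, not the secrets analyzer's actual rules.

```ruby
# Added illustration, not the gem's code: blobs in, regex ruleset applied, findings out.
# Rule fields mirror a gitleaks.toml [[rules]] entry but are constructed inline here.
Rule    = Struct.new(:id, :description, :regex, :keywords, keyword_init: true)
Finding = Struct.new(:blob_id, :rule_id, :description, :line, :redacted, keyword_init: true)

# Constructed, simplified rules for illustration; a real ruleset comes from gitleaks.toml.
RULES = [
  Rule.new(id: 'aws-access-key-id', description: 'AWS access key ID',
           regex: /\bAKIA[0-9A-Z]{16}\b/, keywords: %w[akia]),
  Rule.new(id: 'generic-api-key', description: 'API key or secret assigned in source',
           regex: /(?:api[_-]?key|secret)\s*[:=]\s*['"]?([A-Za-z0-9_\-]{16,})['"]?/i,
           keywords: %w[api_key apikey secret])
].freeze

# Never return the raw secret: keep a short prefix so a reviewer can locate it, mask the rest.
def redact(secret)
  secret[0, 4] + '*' * [secret.length - 4, 0].max
end

# blobs: { blob_id => content }. Returns an Array of Finding, one per (rule, line) hit.
def scan_blobs(blobs, rules = RULES)
  blobs.flat_map do |blob_id, content|
    lowered = content.downcase
    rules.flat_map do |rule|
      # Keyword prefilter: skip the costlier regex when none of the rule's keywords occur.
      next [] unless rule.keywords.empty? || rule.keywords.any? { |kw| lowered.include?(kw) }
      content.each_line.with_index(1).filter_map do |text, lineno|
        m = rule.regex.match(text) or next
        Finding.new(blob_id: blob_id, rule_id: rule.id, description: rule.description,
                    line: lineno, redacted: redact(m[1] || m[0]))
      end
    end
  end
end

# Constructed sample blobs (the AWS value is the public documentation example key).
SAMPLE_BLOBS = {
  'config/settings.rb' => "REGION = 'us-east-1'\nAWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n",
  'app/client.rb'      => "api_key = \"abcdefghijklmnop1234\"\n",
  'README.md'          => "Nothing sensitive here.\n"
}.freeze

if __FILE__ == $PROGRAM_NAME
  scan_blobs(SAMPLE_BLOBS).each { |f| puts "#{f.blob_id}:#{f.line} #{f.rule_id} #{f.redacted}" }
end
```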

Implementation plan

Testing

Resources

Edited by rossfuhrman