Adherence check - Secret Detection

Problem to solve

To adhere to regulatory standards and to provide evidence of compliance, I need to be able to generate a report for auditors detailing the last date/time each of my repositories were scanned by each security scanner. I would leverage this data to also action against projects that are out of compliance to bring them into compliance and ensure that scanners are properly enabled/enforced to run.

Proposal

Add an adherence check for the "GitLab Standard" that checks that Secret Detection is enabled on the project.

Secret Detection can be enabled to configure Secret Detection for the current project. For more details, https://docs.gitlab.com/ee/user/application_security/secret_detection/index.html#use-an-automatically-configured-merge-request

Implementation plan

cloned from #440715

changed milestone to %Backlog

added backend devopsgovern documentation groupcompliance priority2 sectionsec typefeature workflowplanning breakdown labels

added to epic &12661

changed title from Adherence check - Static Application Security Testing (SAST) to Adherence check - Secret Detection

changed the description

marked this issue as blocking #442140

We can check whether secret detection is enabled for a project by checking if the corresponding artifact got generated for a pipeline which ran on the default branch of the repository. Similar to what we are doing for sast scanner in !163579 (merged). The file_type for the artifact will be secret_detection.

assigned to @dakotadux

changed milestone to %17.10