Clarify pipeline secret detection custom rule options
Problem to solve
The options for using custom rules for pipeline secret detection are confusing. The usage of each option, and the caveats that apply to it, are not explained clearly.
Further details
Proposal
Explain each option clearly, so that the reader can make an informed choice about which option(s) suit their use case, and implement them more easily.
With thanks to @greg, the following summarizes the available options:
1. Extending the default configuration (under the "Customizing analyzer settings" heading) = custom rules that are applied in addition to the predefined rules; the key part here is the `[extend]` part of the configuration.
2. Synthesize a custom configuration (under the "Customizing analyzer settings" heading) = custom secret detection rules that are used instead of the predefined rules (ignores all default GitLab secret detection rules).
3. Override predefined analyzer rules (under the "Overriding the analyzer jobs" heading) = allows one to customize the description, message, name and severity of predefined rules.
4. Disable predefined analyzer rules (under the "Overriding the analyzer jobs" heading) = allows one to ignore/disregard specific predefined rules.
Options 1 and 2 are for adding or using your own custom secret detection rules, while options 3 and 4 are really just for modifying the predefined rules.
In addition to the above, it needs to be made clear which of these options can be combined, and whether they are supported when using a remote configuration file (i.e. a configuration file contained in a separate project).
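To make the proposal concrete, the following is an added illustrative ruleset file, not something from this issue or from the GitLab docs it refers to. The file name `.gitlab/secret-detection-ruleset.toml`, the `[secrets]` table and the `ruleset` / `passthrough` key names are assumptions about the current format; the rule ids and the regex are constructed placeholders. Each block maps to one of the four options above. Whether the blocks may legitimately be combined in one file is exactly what this issue asks the docs to state, so read them as separate illustrations rather than as a recommended combined configuration.

```toml
# Assumed file: .gitlab/secret-detection-ruleset.toml (added example, not from this issue)

[secrets]
  description = "Custom secret detection ruleset for this project"

  # Option 3: override the description, message, name and severity of a
  # predefined rule. The rule id is a placeholder, not a real GitLab rule.
  [[secrets.ruleset]]
    [secrets.ruleset.identifier]
      type  = "gitleaks_rule_id"
      value = "PLACEHOLDER_PREDEFINED_RULE_ID"
    [secrets.ruleset.override]
      description = "Overridden description"
      message     = "Overridden message"
      name        = "Overridden rule name"
      severity    = "Critical"

  # Option 4: disable one predefined rule entirely (placeholder id again).
  [[secrets.ruleset]]
    disable = true
    [secrets.ruleset.identifier]
      type  = "gitleaks_rule_id"
      value = "ANOTHER_PLACEHOLDER_RULE_ID"

  # Option 1: extend the default configuration. The [extend] table with
  # useDefault = true keeps GitLab's predefined rules and adds the custom
  # rule below. Option 2 (synthesize) is the same passthrough WITHOUT the
  # [extend] table, so only the custom rules run and every predefined rule
  # is ignored.
  [[secrets.passthrough]]
    type   = "raw"
    target = "gitleaks.toml"
    value  = """
title = "gitleaks config"

[extend]
useDefault = true

[[rules]]
id          = "example-internal-token"
description = "Example internal API token (constructed pattern)"
regex       = '''EXAMPLETOKEN_[A-Za-z0-9]{32}'''
"""
```

A practical check when trying any of these: commit a test file containing a string that matches only your custom rule and one that matches only a predefined rule, and confirm in the pipeline report which of the two is flagged. With option 1 both should appear, with option 2 only the custom one, and with option 4 the disabled predefined rule should no longer report.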
Who can address the issue
Anyone.
Other links/references
Edited by Greg Myers