Intelligent, accurate detection of complex strings
Release Notes
Problem to Solve
Secret detection analyzers are known for generating a high rate of false positives. Detections are more accurate for patterns that have high entropy. Accurately detecting complex string secrets that have low entropy is difficult. Despite the technical challenges, customers frequently request detection rules that meet these criteria.
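To make the entropy problem concrete, here is an added example (not GitLab's analyzer code) of a purely entropy-based check run over constructed sample lines. The 3.5 bits-per-character threshold, the function names, and every sample value are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

ENTROPY_THRESHOLD = 3.5  # assumed cutoff, in bits per character
STRING_LITERAL = re.compile(r'"([^"]{8,})"')  # only inspect quoted values

# Constructed sample input; none of these values are real credentials.
SAMPLE_LINES = [
    'api_token = "q7Zx2LmV9pRt4WcY8sKd"',                   # random token
    'db_password = "Summer2024!"',                          # human-chosen secret
    'asset_checksum = "0f1e2d3c4b5a69788796a5b4c3d2e1f0"',  # not a secret
]


def shannon_entropy(value):
    """Shannon entropy of the character distribution, in bits per character."""
    counts = Counter(value)
    total = len(value)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def entropy_scan(lines, threshold=ENTROPY_THRESHOLD):
    """Return (line number, literal, entropy) for literals at or above threshold."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for literal in STRING_LITERAL.findall(line):
            score = shannon_entropy(literal)
            if score >= threshold:
                findings.append((lineno, literal, round(score, 2)))
    return findings


if __name__ == "__main__":
    for lineno, literal, score in entropy_scan(SAMPLE_LINES):
        print(f"line {lineno}: {literal} (entropy {score})")
```

The random token and the checksum are both reported, while the human-chosen password on line 2 is missed: an 11-character string cannot exceed log2(11) ≈ 3.46 bits per character, so no ordering of its characters would reach the threshold.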
Competitive Landscape
Intended users
User experience goal
Users are confident that unstructured secrets in their codebase are detected by GitLab.
Proposal
Users can elect to use AI to detect unstructured secrets by providing additional context from their codebase.
Available Tier
GitLab Ultimate, GitLab Duo Enterprise
Feature Usage Metrics
Performance
Links / references
- Modernizing Secrets Scanning: Part 1–the Problem (Hackernoon)
- DeepSecrets - a better tool for secret scanning (OSS GitHub Repository)
- Finding leaked passwords with AI: How we built Copilot secret scanning (GitHub Blog)
Edited by Alana Bellucci