17.7 Planning Issue - Secret Detection

🔒 Secure, Secret Detection - Milestone Planning

This is a planning issue for Category:Secret Detection which is maintained by groupsecret detection.

See the group handbook page for more about this issue and how it fits into group workflows.

Milestone Key Dates

  • Start Date: 2024-11-16
  • Code Freeze: 2024-12-13
  • Release Date: 2024-12-19

Narrative

In 17.7, we'll continue collaborating with groupvulnerability research to https://gitlab.com/groups/gitlab-org/-/epics/14009+, expand some default detections for secret push protection and continue to plan and refine work for Verify validity of secret detection findings (&13988).

Refinement of key upcoming features

Priorities

Key items to deliver

This section lists items that should be ready to deliver (or at least to move forward). Many of these items should be defined as ~Deliverable items, assuming they are feasible to deliver in the milestone.

Status of this list: Initially reviewed. We will add typemaintenance and typebug items, and ensure that all typefeature work is included, before reviewing the overall list with team members.

typefeature

Initiative Issues

https://gitlab.com/groups/gitlab-org/-/epics/14009+

  1. https://gitlab.com/groups/gitlab-org/-/epics/16045+s, DRI: @craigmsmith
  2. https://gitlab.com/gitlab-org/gitlab/-/issues/499659+s
  3. https://gitlab.com/gitlab-org/gitlab/-/issues/506894+s
  4. https://gitlab.com/gitlab-org/gitlab/-/issues/506895+s
  5. https://gitlab.com/gitlab-org/gitlab/-/issues/506897+s
  6. https://gitlab.com/gitlab-org/gitlab/-/issues/506896+s
  7. https://gitlab.com/gitlab-org/gitlab/-/issues/505221+s
  8. https://gitlab.com/gitlab-org/gitlab/-/issues/500789+s

Enable SPP for all projects in a group via a ne... (&15840 - closed)

@ahmed.hemdan will offer support on reviews and as requested from groupsecurity platform management.

typebug

Issues (with DRI where assigned):

  • CVE-2024-39331 in registry.gitlab.com/gitlab-org/security-products/analyzers/secrets/tmp:emacs-filesystem
  • CVE-2024-5535 in registry.gitlab.com/gitlab-org/security-products/analyzers/secrets/tmp:openssl
  • CVE-2024-5535 in registry.gitlab.com/gitlab-org/security-products/analyzers/secrets/tmp:openssl-libs
  • Some rules ARE NO LONGER detected by pipeline secret detection when using a custom ruleset, DRI: @craigmsmith

typemaintenance

Issues (with DRI):

  • https://gitlab.com/gitlab-org/gitlab/-/issues/480688+, DRI: @ahmed.hemdan
  • Iteration 1: Move the SD scan operation from ru... (&14935 - closed), DRI: @eurie / @serenafang
  • Operate Secret Detection service in passive mod... (#494910 - closed), DRI: @eurie
  • https://gitlab.com/gitlab-org/gitlab/-/issues/481589+, DRI: @serenafang

Looking forward

This section lists items that are in earlier stages of planning. Refining them is an important part of this milestone because it sets us up to work on them in the following milestones. Primary areas of responsibility are listed, but everyone can contribute!

This is almost certainly more than we can take on. It's generally in priority order (most important at the top).

Issues (with DRI):

  • [Spike] Exclusions for Pipeline SD (#503184 - closed), DRI: @ahmed.hemdan

Please suggest others or add them directly.

Product and UX

This section includes other Product and UX context that may not fit into the Looking forward section above.

Product Manager: @abellucci

  1. Review and finalize Validity Checks - Competitive Research; this will help refine the requirements for Design: Secret Detection Validity Checks - Vision, which is scheduled for design in 17.8.
  2. Work with Amar Patel on AST::Secret Detection FY25Q3 Sec Realignment Implementation.

Documentation

This section includes group inputs and the plan for Technical Writing in the milestone.

Technical Writing stable counterpart: @rdickenson and @phillipwells

  1. Docs: Improve documentation of secret detection... (#499214 - closed) • Russell Dickenson • 17.7
  2. Add description and remediation steps to secrets (gitlab-org/security-products/secret-detection/secret-detection-rules!16 - closed) • Isaac Dawson • 17.7
  3. Pipeline secret detection docs are vague on wha... (#505589 - closed) • Phillip Wells • 17.11 Stretch

Anticipated Release Posts

Edited by Alana Bellucci