18.4 Planning Issue - Secret Detection
🔒 Secure, Secret Detection - Milestone Planning
This is a planning issue for Category:Secret Detection, which is maintained by group::secret detection.
See the group handbook page for more about this issue and how it fits into group workflows.
Milestone Key Dates
- Start Date: 2025-08-16
- Code Freeze: 2025-09-12
- Release Date: 2025-09-18
Narrative
Enable Secret Push Protection on all Public Projects Epic
In %18.3 we finished all the prerequisite work needed to begin rolling out the dark launch of SPP for public projects (#551761). In %18.4 we will kick off the rollout and monitor the SDS to ensure it can handle the traffic we're sending it.
Additionally, we've kicked off the epic https://gitlab.com/groups/gitlab-org/-/epics/18760, which will need to be completed by the end of %18.4 at the latest for us to meet our target of enabling this for customers in %18.5.
---
display: table
title: Enable secret push protection by default for public projects
fields: title, healthStatus, labels("type::feature", "type::maintenance", "type::bug", "type::ignore") as "Type", assignees, labels("workflow::*") as "Workflow", labels("Deliverable", "Spike", "Stretch") as "Other info", state
limit: 10
---
label = "group::secret detection" and project = "gitlab-org/gitlab" and epic = &17502 and milestone = "18.4" and label != "workflow::planning breakdown" AND label != "workflow::refinement" AND label != "workflow::problem validation" AND label != "workflow::design" AND assignee!="abellucci" AND assignee != "phillipwells"
Validity Checks for Secret Detection Epic
Beta iteration
In %18.3, refresh token functionality was added to the Vulnerability report. We've also implemented the backend changes needed to support SecurityFindings. In %18.4 we plan to add the token status and refresh button to the MR Pipeline Widget, Pipeline Security Details page, and the Security Report page.
As for the Validity check filter, the UI-only work has been completed, and we will need to finish implementing the BE logic in %18.4 so that we can connect the FE and BE in %18.5.
---
display: table
title: Validity Checks - Beta
description: This only contains issues from the Beta epic.
limit: 5
fields: title, healthStatus, labels("type::feature", "type::maintenance", "type::bug", "type::ignore") as "Type", assignees, labels("workflow::*") as "Workflow", labels("Deliverable", "Spike", "Stretch") as "Other info", state
---
label = "group::secret detection" and project = "gitlab-org/gitlab" and epic = &16927 and milestone = "18.4" and label != "workflow::planning breakdown" AND label != "workflow::refinement" AND label != "workflow::problem validation" AND label != "workflow::design" AND assignee!="abellucci" AND assignee != "phillipwells"
GA iteration
We will be spending the %18.4 iteration investigating how we can support this feature in self-managed and Dedicated environments. There may be some re-architecture needed to support these changes, which will be communicated via our architecture design doc once finalized.
---
display: table
title: Validity Checks - GA
description: This only contains issues from the GA epic.
limit: 5
fields: title, healthStatus, labels("type::feature", "type::maintenance", "type::bug", "type::ignore") as "Type", assignees, labels("workflow::*") as "Workflow", labels("Deliverable", "Spike", "Stretch") as "Other info", state
---
label = "group::secret detection" and project = "gitlab-org/gitlab" and epic = &16890 and milestone = "18.4" and label != "workflow::planning breakdown" AND label != "workflow::refinement" AND label != "workflow::problem validation" AND label != "workflow::design" AND assignee!="abellucci" AND assignee != "phillipwells"
Secret Detection Rule Development Epic
In %18.3 we paused on this effort so we could get realigned on what our Phase 1 scope should be. In %18.4, we'll finish those discussions and begin implementation efforts on Phase 1.
---
display: table
limit: 5
fields: title, healthStatus, labels("type::feature", "type::maintenance", "type::bug", "type::ignore") as "Type", assignees, labels("workflow::*") as "Workflow", labels("Deliverable", "Spike", "Stretch") as "Other info", state
---
label = "group::secret detection" and project = "gitlab-org/gitlab" and epic = &16616 and milestone = "18.4" and label != "workflow::planning breakdown" AND label != "workflow::refinement" AND label != "workflow::problem validation" AND label != "workflow::design" AND assignee!="abellucci" AND assignee != "phillipwells"
❓ Unplanned work
🐛 Bugs
---
display: table
fields: title, assignee, milestone, labels("priority::*"), labels("severity::*"), labels("workflow::*"), labels("Deliverable"), state, milestone
---
label = "group::secret detection" AND label = "type::bug" AND milestone = "18.4" AND assignee!="abellucci" AND assignee != "phillipwells" AND label != "workflow::planning breakdown" AND label != "workflow::refinement" AND label != "workflow::problem validation" AND project = "gitlab-org/gitlab"
🚧 Maintenance
---
display: table
fields: title, assignee, labels("workflow::*"), labels("Deliverable"), state, milestone
---
label = "group::secret detection" AND label = "type::maintenance" AND milestone = "18.4" AND assignee!="abellucci" AND assignee != "phillipwells" AND label != "workflow::planning breakdown" AND label != "workflow::refinement" AND label != "workflow::problem validation"
Looking forward
This section lists items that are in earlier stages of planning. Refining them is an important part of this milestone because it sets us up to work on them in the following milestones. Primary areas of responsibility are listed, but everyone can contribute!
This is almost certainly more than we can take on. Items that are marked as Deliverable are expected to be workflow::ready for development by the end of the milestone.
---
display: table
fields: title, assignee, labels("workflow::*"), labels("type::*"), labels("Deliverable"), state, milestone
---
label = "group::secret detection" AND label in ("workflow::planning breakdown","workflow::refinement","workflow::problem validation") AND milestone = "18.4" AND assignee!="abellucci"
Please suggest others or add them directly.
Product
This section includes other Product and UX context that may not fit into the Looking forward section above.
Product Manager: @abellucci
---
display: table
fields: title, assignee, state, milestone
---
label = "group::secret detection" AND label != "Planning Issue" AND milestone = "18.4" AND assignee = "abellucci"
UX
---
display: table
fields: title, assignee, state, milestone
---
label = "group::secret detection" AND label != "Planning Issue" AND milestone = "18.4" AND label = "workflow::design"
Documentation
This section includes group inputs and the plan for Technical Writing in the milestone.
Technical Writing stable counterpart: @phillipwells
---
display: table
fields: title, assignee, state, milestone
---
label = "group::secret detection" AND milestone = "18.4" AND assignee = "phillipwells"