You need to sign in or sign up before continuing.
Bump secret-detection-rules to version v0.16.0 for Pipeline and Push Protection
Problem
SD rules v0.16.0 version introduces following rule changes:
- Add support for Auth0 Client Secret |
❌ SPP |☑️ Pipeline-based - Add support for AWS Security Token Service(STS) |
☑️ SPP & Pipeline-based - Add support for Azure App Configuration Connection String |
☑️ SPP & Pipeline-based - Add support for Azure Cosmos DB Credentials |
❌ SPP |☑️ Pipeline-based - Add support for Azure Communication Services Connection String |
☑️ SPP & Pipeline-based - Add support for Azure Personal Access Token |
❌ SPP |☑️ Pipeline-based - Add support for Azure Entra ID Token |
❌ SPP |☑️ Pipeline-based - Enhance Azure Entra Client Secret rule to improve detection coverage |
☑️ SPP & Pipeline-based - Enhance Azure API Management Direct Key rule to improve detection coverage |
❌ SPP |☑️ Pipeline-based
Implementation plan
-
Follow the release procedure outlined in https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules#release-process -
Secret Detection Analyzer MR: gitlab-org/security-products/analyzers/secrets!421 (merged) -
Secret Detection Gem (for Push Protection) MR: gitlab-org/security-products/secret-detection/secret-detection-service!139 (merged)
-
-
GitLab Rails MR: !208047 (merged) Run the following commands in the
gitlabdirectory to update the gem:$ mise exec -- bundle update --conservative gitlab-secret_detection $ bundle exec rake bundler:gemfile:sync -
Documentation MR: Update SD Ruleset support matrix with new rules (!207442 - merged) • Vishwa Bhat • 18.5 -
Release Post Issue: Bump secret-detection-rules to version v0.16.0 ... (gitlab-com/www-gitlab-com!141272 - merged) • Alana Bellucci, Amar Patel • 18.5
Edited by Vishwa Bhat