Add security harness to Lefthook

Dmitry Gruzd requested to merge add-security-harness-to-lefthook into master

What does this MR do and why?

This MR implements security-harness for Lefthook. It is based on the branch name. This is another precaution just in case engineers forget to enable script/security-harness.

Screenshots or screen recordings

$ git checkout add-security-harness-to-lefthook
Your branch is up to date with 'origin/add-security-harness-to-lefthook'.
$ git checkout -b security-harness-test
Switched to a new branch 'security-harness-test'
$ git push
Lefthook v1.3.7
RUNNING HOOK: pre-push
merge_conflicts: (skip) settings

  EXECUTE > security_harness
refs/heads/security-harness-test 4e9a12a31dda36351d39e0964965f567b253fa20 refs/heads/security-harness-test 0000000000000000000000000000000000000000
Pushing security branches to remotes other than gitlab.com/gitlab-org/security has been disabled!
Please read https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#do-not-push-to-gitlab-orggitlab

...

SUMMARY: (done in 15.34 seconds)
✔️  yamllint
✔️  danger
🥊  security_harness
error: failed to push some refs to 'gitlab.com:gitlab-org/gitlab.git'

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Dmitry Gruzd
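
An added example of a branch-name-based pre-push check of the kind described above; it is not the code from this MR or from script/security-harness. The `security` name prefix, the allowed remote path with its trailing slash, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not GitLab's script/security-harness or this MR's hook.
# Assumptions: a "security branch" is any branch whose name starts with
# "security", and the only allowed destination is a project under this path.
ALLOWED_REMOTE_PATH='gitlab.com/gitlab-org/security/'

# pre-push stdin line copied from the terminal output on this page:
# <local ref> <local sha> <remote ref> <remote sha>
SAMPLE_LINE='refs/heads/security-harness-test 4e9a12a31dda36351d39e0964965f567b253fa20 refs/heads/security-harness-test 0000000000000000000000000000000000000000'

# Reduce scp-style (user@host:path) and URL-style remotes to host/path.
normalise_remote() {
  printf '%s\n' "$1" | sed -e 's#^[a-z+]*://##' -e 's#^[^@/]*@##' \
                           -e 's#:[0-9][0-9]*/#/#' -e 's#:#/#'
}

# check_push REMOTE_URL  (reads pre-push ref lines on stdin)
# Returns 1 if a security branch would reach a non-allowed remote.
check_push() {
  case "$(normalise_remote "$1")" in
    "$ALLOWED_REMOTE_PATH"*) return 0 ;;
  esac
  while read -r local_ref local_sha remote_ref remote_sha; do
    # Deleting a branch publishes no commits, so let it through.
    [ "$local_ref" = "(delete)" ] && continue
    # Check both sides: a local security branch pushed under a different
    # remote name still uploads its commits.
    case "$local_ref $remote_ref" in
      refs/heads/security*|*" refs/heads/security"*)
        echo "Refusing to push $local_ref -> $remote_ref to $1" >&2
        return 1 ;;
    esac
  done
  return 0
}

# When installed as .git/hooks/pre-push, git passes the remote URL as $2.
if [ "${0##*/}" = "pre-push" ]; then
  check_push "$2" || exit 1
fi
```
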