Pre-receive secret detection audit events
What does this MR do and why?
Issue: #441185 (closed)
With the introduction of pre-receive secret detection, we want to create audit events for when the feature is enabled or disabled for an instance, and when a user bypasses pre-receive secret detection via commit message.
In a future MR, we will add audit events for toggling the feature for a project, and when a user bypasses secret detection via push option. More info here: #441185 (comment 1833055849)
Screenshots or screen recordings
How to set up and validate locally
pry(main)> Gitlab::CurrentSettings.update!(pre_receive_secret_detection_enabled: true) # to ensure feature is enabled instance-wide
pry(main)> project = Project.find(PROJECT_ID)
pry(main)> Feature.enable(:pre_receive_secret_detection_push_check, project)
(or go into ee/lib/gitlab/checks/secrets_check.rb and comment out lines 43, 45, 46, 48)
- Ensure your instance has an Ultimate license so that audit events are available.
- In your test project, make a change and commit it, including the bypass flag [skip secret detection] in the commit message
- Navigate to Secure > Audit events
- Verify that the audit event appears as in the above screenshot
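
To cross-check the bypass audit events against repository history, commits carrying the bypass flag can be listed straight from `git log` output. This is an added example, not code from this MR or from GitLab; the record separators, the function names and the case-insensitive match are assumptions of the example.

```ruby
# Added example: list commits whose message carries the bypass flag.
# Produce the input with (separators are this example's choice):
#   git log --all --format='%H%x1f%ae%x1f%B%x1e'
BYPASS_FLAG = /\[skip secret detection\]/i # assumption: match case-insensitively
FIELD_SEP = "\x1f"
RECORD_SEP = "\x1e"

BypassCommit = Struct.new(:sha, :author_email, :subject)

# Parse the log text and return the commits that used the bypass flag.
def bypass_commits(log_text)
  log_text.split(RECORD_SEP).filter_map do |record|
    sha, email, message = record.strip.split(FIELD_SEP, 3)
    next if sha.nil? || message.nil?
    next unless message.match?(BYPASS_FLAG)

    BypassCommit.new(sha, email, message.lines.first.to_s.strip)
  end
end

# Count bypasses per author so repeated use stands out in review.
def bypasses_by_author(commits)
  commits.group_by(&:author_email).transform_values(&:count)
end

# Constructed sample input (not real commits).
SAMPLE_LOG = [
  ["a1" * 20, "dev1@example.com", "Add fixture keys [skip secret detection]\n"],
  ["b2" * 20, "dev2@example.com", "Fix typo in README\n"],
  ["c3" * 20, "dev1@example.com", "Update test data\n\nBody line\n[Skip Secret Detection]\n"],
  ["d4" * 20, "dev3@example.com", "Mention skip secret detection without brackets\n"]
].map { |fields| fields.join(FIELD_SEP) }.join(RECORD_SEP + "\n") + RECORD_SEP + "\n"

if __FILE__ == $PROGRAM_NAME
  found = bypass_commits(SAMPLE_LOG)
  found.each { |c| puts "#{c.sha[0, 8]} #{c.author_email} #{c.subject}" }
  p bypasses_by_author(found)
end
```

Each commit it reports should have a matching bypass entry under Secure > Audit events; a flagged commit with no audit event is worth investigating.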