Skip to content

Pre-receive secret detection audit events

Serena Fang requested to merge pre-receive-secret-detection-audit-events into master

What does this MR do and why?

Issue: #441185 (closed)

With the introduction of pre-receive secret detection, we want to create audit events for when the feature is enabled or disabled for an instance, and when a user bypasses pre-receive secret detection via commit message.

In a future MR, we will add audit events for toggling the feature for a project, and when a user bypasses secret detection via push option. More info here: #441185 (comment 1833055849)

Screenshots or screen recordings

image

image

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

pry(main)> Gitlab::CurrentSettings.update!(pre_receive_secret_detection_enabled: true) # to ensure feature is enabled instance-wide
pry(main)> project = Project.find(PROJECT_ID)
pry(main)> Feature.enable(:pre_receive_secret_detection_push_check, project) 

(or go in to ee/lib/gitlab/checks/secrets_check.rb and comment out lines 43, 45, 46, 48)

  1. Ensure your instance has an Ultimate license so that audit events are available.
  2. In your test project, make a change and commit it, including the bypass flag [skip secret detection] in the commit message
  3. Navigate to Secure > Audit events
  4. Verify that the audit event appears as in the above screenshot

Merge request reports

Loading