
Secrets push check uses project level settings

rossfuhrman requested to merge rf-respect-project-setting into master

What does this MR do and why?

Secrets push check uses project level settings

The pre-receive secret detection push check now utilizes the project level setting on GitLab.com.

This work is in support of Update secrets push check to honor the new proj... (#451356) • rossfuhrman • 17.0 • Needs attention

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

This MR pairs with the work in Add setting for enabling pre-receive Secret Det... (!149167 - merged) • Dheeraj Joshi • 17.0, but that MR does not need to be merged for this MR to be tested.

Numbered steps to set up and validate the change are strongly suggested.

  1. Simulate .com. Either change lib/gitlab.rb#self.com? to return true, or set the GITLAB_SIMULATE_SAAS ENV var appropriately.
  2. Restart gdk
  3. Enable feature flag:

     ```ruby
     Feature.enable(:pre_receive_secret_detection_beta_release)
     ```

  4. Enable the instance setting for pre-receive SD at /admin/application_settings/security_and_compliance#js-secret-detection-settings
  5. Enable for a given project:

     ```ruby
     project = Project.find 7 # this is flightjs on my machine :smile:

     # enable the FF for the project
     ::Feature.enable(:pre_receive_secret_detection_push_check, project)

     # enable pre-receive scanning for the project
     project.security_setting.pre_receive_secret_detection_enabled = true
     project.save!
     ```

  6. At this point, secrets should be prevented from being committed for the project
Edited by rossfuhrman
