Skip to content

Secrets push check uses project level settings

rossfuhrman requested to merge rf-respect-project-setting into master

What does this MR do and why?

Secrets push check uses project level settings

The pre-receive secret detection push check now utilizes the project level setting on GitLab.com

This work is in support of Update secrets push check to honor the new proj... (#451356 - closed) • rossfuhrman • 17.0 • On track

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

This MR pairs with the work, in Add setting for enabling pre-receive Secret Det... (!149167 - merged) • Dheeraj Joshi • 17.0, but that MR does not need to be merged for this MR to be tested.

Numbered steps to set up and validate the change are strongly suggested.

  1. Simulate .com. Either change lib/gitlab.rb#self.com? to return true, or set the GITLAB_SIMULATE_SAAS ENV var appropriately.
  2. Restart gdk
  3. Enable feature flag:
Feature.enable(:pre_receive_secret_detection_beta_release)
  1. Enable the instance setting for pre-receive SD at /admin/application_settings/security_and_compliance#js-secret-detection-settings
  2. Enable for a given project
project = Project.find 7 # this is flightjs on my machine :smile: 

#enable the FF for the project
::Feature.enable(:pre_receive_secret_detection_push_check, project)

#enable pre-receive scanning for the project
project.security_setting.pre_receive_secret_detection_enabled = true
project.save!
  1. At this point, secrets should be prevented from being committed for the project
Edited by rossfuhrman

Merge request reports

Loading