Skip to content

Used new process to gen gitleaks.toml

rossfuhrman requested to merge rf-normalize-spp-toml into master

What does this MR do and why?

Used the new process for syncing tags to generate the gitleaks.toml. The rules themselves are unchanged, but the formatting is completely different.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

I used the file from my in-progress MR at https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/517391b5d904f4e4fcc92ceae4f72031ceadec79/qa/fixtures/secrets/secrets.go to test the patterns were still detected.

The gitleaks.toml supports 35 patterns. 34 of those patterns are represented in the secrets.go file. The pattern missing is New Relic user API ID.

This can be done from the WebIDE or the terminal, but I'll go through the WebIDE steps.

  1. From a GDK repo, launch the WebIDE and add file with contents from secrets.go.
  2. Try to push the change
  3. You should get this warning: Could not push the commit. The secret detection scan encountered one or more findings.
  4. Click See results to inspect the output
  5. There should be 34 different entries, matching the 34 different types of patterns we are expecting.
Edited by rossfuhrman

Merge request reports