Enable gitlab_pipeline_trigger_token for validity checks

What does this MR do and why?

This MR expands the validity checks so that the status of each detected gitlab_pipeline_trigger_token is now checked.

Database queries

This MR adds the scope with_token to Trigger to facilitate this.

The query this scope produces is

https://console.postgres.ai/gitlab/gitlab-production-ci/sessions/41052/commands/126167

SELECT
    "ci_triggers".*
FROM
    "ci_triggers"
WHERE
    "ci_triggers"."token" IN ('glptt-0a9848abdbd4f565fcd9f0c8a74dcaf78b71f28b', 'glptt-0a9848abdbd4f565fcd9f0c8a74dcaf78b71f28c')
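To illustrate how a batched lookup like the with_token scope feeds the validity check, here is an added example (not GitLab's code). It assumes an in-memory stand-in for the ci_triggers table, a token pattern modelled on the sample values in the query above (glptt- followed by 40 hex characters), and that a finding with no matching trigger row is reported as "inactive"; all three are assumptions for the example.

```ruby
# Added example (not GitLab's code): models the validity check this MR enables
# for pipeline trigger tokens. CI_TRIGGERS is a constructed in-memory
# stand-in for the real ci_triggers table queried by Trigger.with_token.
require 'set'

# Assumption: detected tokens look like the samples in the MR's SQL
# ("glptt-" followed by 40 hex characters).
PIPELINE_TRIGGER_TOKEN = /\bglptt-[0-9a-f]{40}\b/i

# Constructed stand-in for the ci_triggers table (id and token columns only).
CI_TRIGGERS = [
  { id: 1, token: 'glptt-0a9848abdbd4f565fcd9f0c8a74dcaf78b71f28b' },
  { id: 2, token: 'glptt-ffffffffffffffffffffffffffffffffffffffff' }
].freeze

# Mirrors the with_token scope: one lookup for all candidate tokens,
# i.e. WHERE "ci_triggers"."token" IN (...), instead of one query per finding.
def triggers_with_token(tokens, table = CI_TRIGGERS)
  wanted = tokens.to_set
  table.select { |row| wanted.include?(row[:token]) }
end

# Extract candidate trigger tokens from file content (what secret detection
# would report as gitlab_pipeline_trigger_token findings).
def detect_trigger_tokens(content)
  content.scan(PIPELINE_TRIGGER_TOKEN).uniq
end

# Validity check: a finding is "active" when a matching trigger row exists.
# Assumption: findings without a matching row are reported as "inactive".
def token_statuses(content, table = CI_TRIGGERS)
  tokens = detect_trigger_tokens(content)
  return {} if tokens.empty?

  live = triggers_with_token(tokens, table).map { |row| row[:token] }.to_set
  tokens.to_h { |tok| [tok, live.include?(tok) ? 'active' : 'inactive'] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed README content, similar to the one used in the local setup steps.
  readme = <<~MD
    # Test Project
    - Pipeline trigger token: glptt-0a9848abdbd4f565fcd9f0c8a74dcaf78b71f28b
    - Revoked token: glptt-0a9848abdbd4f565fcd9f0c8a74dcaf78b71f28c
    - Not a trigger token: glpat-0a9848abdbd4f565fcd9f0c8a74dcaf78b71f28b
  MD
  token_statuses(readme).each { |tok, status| puts "#{tok}: #{status}" }
end
```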

References

Add Secret Detection token status to all other ... (#534788 - closed) • Craig Smith • 18.2 • On track

Screenshots or screen recordings


How to set up and validate locally

Step 1: Create a Test Project

Create a new test project in your GDK.

Step 2: Enable Feature Flag and Validity Checks

Open the Rails console:

gdk rails console

Enable the feature flag:

Feature.enable(:validity_checks)

Find your test project and enable validity checks:

# Find your project (replace with actual project ID)
project = Project.find(your_project_id)

# Enable validity checks
project.security_setting.update(validity_checks_enabled: true)

Step 3: Create Pipeline Trigger token

  1. Navigate to your project

  2. Go to Settings → CI/CD (in the left sidebar)

  3. Scroll down and expand the "Pipeline triggers" section

  4. Click the "Add trigger" button

  5. Enter a description (optional but recommended for identification)

  6. Click "Add trigger"

  7. Important: Copy and save the token value as you'll need it in the next step.

Step 4: Configure Secret Detection

In your test project, create or update .gitlab-ci.yml:

include:
  - template: Jobs/Secret-Detection.gitlab-ci.yml

Step 5: Add Tokens to Repository

Create a README.md file in your project and add the token values you saved earlier:

# Test Project

This project contains test tokens for validity checks:

- Pipeline trigger token: glptt-[your-token-value]

Commit and push the changes to trigger the pipeline.

Step 6: Verify Results

  1. Wait for the pipeline to complete
  2. Navigate to Security & Compliance → Vulnerability Report in your project
  3. Verify that the token appears in the vulnerability report
  4. Expected Result: The status of each token will show as "active".

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Craig Smith
