
Draft: Add partner token verification service for Secret Detection

What does this MR do and why?

Add partner token verification service for Secret Detection

Implements the GitLab-side service for verifying partner platform tokens through the Secret Detection Response Service (SDRS).

  • Add PartnerTokenVerificationService to handle verification requests

    • Validates prerequisites (feature flag, SDRS config, permissions)
    • Generates JWT tokens for secure SDRS authentication
    • Sends async verification requests with proper error handling
    • Updates token status throughout the verification process
  • Add CreateOrUpdateService for managing FindingTokenStatus records

    • Creates or updates token verification status
    • Validates status transitions
    • Maintains audit trail of verification attempts
  • Add comprehensive test coverage for both services

    • Tests for various error scenarios
    • Tests for JWT generation and SDRS communication
    • Tests for status transitions and validations

This enables security teams to verify the status of leaked partner tokens, helping prioritize remediation efforts on active credentials.

EE: true

References

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #551363 (closed)
