Implement trigger Secret Scanning FP detection workflow
What does this MR do and why?
Implement trigger and data ingestion workflow for Secret Scanning FP detection
-
Hook into after_create_commit on vulnerabilities to trigger secret detection false positive workflows for high/critical severity secret_detection report types
- Add TriggerSecretDetectionFalsePositiveDetectionWorkflowWorker with no-op implementation
- Add comprehensive specs to validate trigger conditions and worker invocation
- Follow existing SAST FP workflow pattern for consistency
- Add parameterized tests for secret_detection report type with various severity levels
*vuln = vulnerability *SDFPD = secret detection false positive detection
References
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
- Setup licensed GDK with Linux runner and AI gateway and Secret Scanning pipeline
- Enable Secret Scanning FP detection flow for project with GitLab Duo active
- Submit code that contains a (fake) secret
- Should see the vuln show up eventually in vuln dashboard and then a session for the SDFPD flow running in sessions.
- The vuln shall have a badge and details containing the scoring
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by SAM FIGUEROA