
Update secret detection template to be more robust

Zach Rice requested to merge secret-detect-robustness into master

What does this MR do and why?

This MR introduces dynamic git fetching which only fetches commits that should be scanned by the secret detection analyzer. For more context refer to gitlab-com/www-gitlab-com!96577 (comment 811281783). Secret Detection needs to determine the range of commits to be scanned. Prior to this change, the range could exceed the default fetch depth, which caused an incomplete scan. With this change, we can determine the correct fetch depth and range of commits to be scanned for completion.

See comments in script for additional details.

FWIW, we have been discussing moving this logic into the analyzer itself... but that is for a future release.
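The following is an added example, not the MR's template script and not GitLab's code, sketching in POSIX shell the idea the description outlines: decide which commits a secret scan has to cover, and deepen a shallow CI checkout until the start of that range is actually present, so the scan is complete rather than silently truncated at the default fetch depth. It assumes GitLab's predefined CI_COMMIT_BEFORE_SHA and CI_COMMIT_SHA variables as the range endpoints, a constructed local repository standing in for the remote, and a deepening step of 20 commits chosen purely for illustration.

```shell
#!/bin/sh
# Added example, not the MR's own template code: work out which commits a
# secret scan must cover and deepen a shallow CI checkout until it has them.
set -eu

# GitLab sets CI_COMMIT_BEFORE_SHA to this value on the first push of a branch.
NULL_SHA=0000000000000000000000000000000000000000

# ensure_reachable SHA
# A shallow clone may not contain the start of the range. Deepen it in fixed
# steps (20 is an assumed step size) until SHA is present locally. Returns 1
# if the clone is already complete and SHA still is not in the history.
ensure_reachable() {
  sha="$1"; step=20
  while ! git cat-file -e "$sha^{commit}" 2>/dev/null; do
    if [ "$(git rev-parse --is-shallow-repository)" != "true" ]; then
      echo "commit $sha is not in the repository history" >&2
      return 1
    fi
    git fetch --quiet --deepen="$step" origin
  done
}

# commits_to_scan BEFORE_SHA COMMIT_SHA
# Prints, oldest first, every commit in BEFORE_SHA..COMMIT_SHA. On a first
# push there is no "before" commit, so only COMMIT_SHA itself is scanned
# (a choice made for this example, not the analyzer's behaviour).
commits_to_scan() {
  before="$1"; target="$2"
  if [ "$before" = "$NULL_SHA" ]; then
    git rev-list -n 1 "$target"
    return 0
  fi
  ensure_reachable "$before"
  git rev-list --reverse "$before..$target"
}

# demo MODE
# Builds a constructed origin repository with five commits, takes a depth-1
# clone the way a CI job would, and lists the commits a scan must cover.
# MODE "push" simulates pushing the last three commits; "first" simulates the
# first push of a branch (null before-SHA).
demo() {
  mode="$1"
  work=$(mktemp -d)
  git init -q "$work/origin"
  (
    cd "$work/origin"
    git config user.email ci@example.invalid
    git config user.name ci
    for i in 1 2 3 4 5; do
      echo "change $i" > "file$i.txt"
      git add "file$i.txt"
      git commit -q -m "commit $i"
    done
  )
  target=$(git -C "$work/origin" rev-parse HEAD)
  if [ "$mode" = "first" ]; then
    before="$NULL_SHA"
  else
    before=$(git -C "$work/origin" rev-parse HEAD~3)
  fi
  # --depth 1 mirrors a shallow CI checkout; file:// is required for git to
  # honour --depth on a local path.
  git clone -q --depth 1 "file://$work/origin" "$work/ci" 2>/dev/null
  ( cd "$work/ci" && commits_to_scan "$before" "$target" )
  rm -rf "$work"
}

# Inside a GitLab job the call would be:
#   commits_to_scan "${CI_COMMIT_BEFORE_SHA:-$NULL_SHA}" "$CI_COMMIT_SHA"
demo push
```

The depth-1 clone in the demo initially lacks the `before` commit, so `ensure_reachable` has to deepen once before `git rev-list` can enumerate the three pushed commits; without that step the range would be cut off at the shallow boundary and the analyzer would miss anything older, which is exactly the incomplete-scan condition the MR addresses.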

Screenshots or screen recordings

gitlab-org/security-products/tests/secrets!44 (closed) Screen_Shot_2022-01-14_at_5.09.57_PM



Edited by Zach Rice
