Gitleaks v8.2.3
What does this MR do?
This MR updates the Secret Detection analyzer dependency on gitleaks to v8.2.0. gitleaks v8.0.0 introduced some big changes, including the switch from go-git to shelling out to git commands directly, which ended up being much more performant. Full release notes for gitleaks can be found here: https://github.com/zricethezav/gitleaks/releases
Because of the gitleaks update, there have been some minor changes to the analyzer including:
- the need to extract relative file paths for non-historic scans
- secret struct definition change
- ruleids that are part of the gitleaks configuration file are used for findings' id/compare key
- shelling of gitleaks needed to be tweaked
Other changes include removing some bloated tests that don't accomplish anything, like full-history vs small-full-history: https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/convert_test.go#L25-28
What are the relevant issue numbers?
gitlab-org/gitlab#345770 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Merge request reports
Activity
added Category:Secret Detection backend devopssecure groupstatic analysis labels
requested review from @dsearles
assigned to @zrice
added 3 commits
- fe48add1...9e20f75d - 2 commits from branch master
- 69909053 - Merge branch 'master' into 'gitleaks-v8.2.3'
2 Warnings
- Please add a merge request type to this merge request.
- This merge request does not refer to an existing milestone.
Reviewer roulette
Please refer to the table below for assigning reviewers suggested by Danger in the specified category:
Category: backend
Reviewer: Daniel Searles (@dsearles) (UTC-7, 1 hour behind @zrice)
Maintainer: No maintainer available
To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
Generated by Danger
Edited by 🤖 GitLab Bot 🤖
added sectionsec label
requested review from @theoretick
- Resolved by Lucas Charles
@theoretick I think we are ready to merge this if we wanna give it another go, zrice/historic-secrets!12 (closed) seems to be working
Edited by Zach Rice
marked the checklist item Tests added for this feature/bug as completed
mentioned in commit 77eec3dc
@jimmy-outschool giving this another shot. Let me know if you see any funny business ;)
mentioned in issue gitlab-com/www-gitlab-com#11685 (closed)