Phase 1: Add ability to manage exclusions of paths/rules/values for projects
## Overview

This epic tracks the work necessary to provide maintainers and owners of projects the ability to exclude **certain paths**, **regex patterns**, or **raw values** from being scanned, detected, and blocked by [Secret Push Protection](https://docs.gitlab.com/ee/user/application_security/secret_detection/secret_push_protection) using a [UI-managed exclusions list](https://gitlab.com/groups/gitlab-org/-/epics/13993).

## Proposal ([**Epic Dashboard**](https://epic-dashboard-gitlab-org-tenant-scale-group-4aecf10d1d02154641.gitlab.io/epic_14878))

The following is a high-level overview of tasks required to achieve the desired outcome:

#### Backend

On the ~backend side...

* **Phase 1.1**:
  * Introduce database tables to support exclusions on both project and group levels.
  * Define and set roles that can manage exclusions on project-level.
  * Introduce the API interface for managing exclusions on the project-level.
  * Introduce REST API resources for managing exclusions on the project-level.
  * Introduce GraphQL resources for managing exclusions on the project-level.
  * Update secret push protection to exclude findings based on existing exclusions.
  * Update scanning engines (e.g. gem and secret detection service) to handle exclusions.

#### Frontend

On the ~frontend side...

* **Phase 1.2:** Add the interface to manage exclusions on project-level.

1. https://gitlab.com/gitlab-org/gitlab/-/issues/480024+s
2. https://gitlab.com/gitlab-org/gitlab/-/issues/480045+s
3. https://gitlab.com/gitlab-org/gitlab/-/issues/480029+s
4. https://gitlab.com/gitlab-org/gitlab/-/issues/480031+s
5. https://gitlab.com/gitlab-org/gitlab/-/issues/480034+s
6. https://gitlab.com/gitlab-org/gitlab/-/issues/480035+s
7. https://gitlab.com/gitlab-org/gitlab/-/issues/480027+s

### Feature Flag

We will be using a new ~"feature flag" to roll out the changes. This approach ensures that the changes can be merged incrementally.

* https://gitlab.com/gitlab-org/gitlab/-/issues/480041+s

### Documentation

Documentation updates can be included in the MR enabling the feature flag by default.

* https://gitlab.com/gitlab-org/gitlab/-/issues/480296+s

## Decisions

Please refer to the list of [decisions](https://gitlab.com/groups/gitlab-org/-/epics/14315#decisions "Allowlist for Secret Push Protection") in the [parent epic](https://gitlab.com/groups/gitlab-org/-/epics/14315 "Allowlist for Secret Push Protection").