Secret Detection is a consistent, platform-wide, on-by-default experience for users
## Problem to Solve

Today, Secret Detection protects users from introducing new secrets into codebases by running in an opt-in MR pipeline. However, there are many other places where secrets _could_ exist.

_We need to provide greater coverage in our detection of secrets across the GitLab platform._

## Coverage

Listed below are all the areas where a secret _could_ be leaked in GitLab:

1. Repository Components:
   - Source Code
   - Git History
   - Git Push (push protection)
2. CI/CD Features:
   - Pipeline Logs
   - Job Artifacts
   - `.gitlab-ci.yml`
3. Collaborative Features:
   - Issues (descriptions and comments)
   - Merge Requests (descriptions, comments, and diffs)
   - _Available today, but only for `glpat`._
4. Documentation:
   - Wiki Pages
   - Project Snippets
5. Registry Components:
   - Container Registry
   - Package Registry

---

### Related work/links

- [Advanced Search Token Hunter](https://gitlab.com/gitlab-com/gl-security/appsec/advanced-search-token-hunter) (internal) uses existing search indexing to find leaks in a variety of types of content.
- [UX Research report 1974-D](https://docs.google.com/presentation/d/1du7-Yss4_b5CMXFU_QXmhrH1vKIXwIreT-x41uQ6IZ4/edit#slide=id.g139166cf3c8_0_407) (internal)
- [UX Research](https://docs.google.com/document/d/1DIJG-9SpSfzlbsRJenOb7iikaMc3RZA9_bi1aj5ML9E/edit) (internal) found that preventing accidental secret disclosure was a top priority for users. Related research issue: https://gitlab.com/gitlab-org/ux-research/-/issues/1970+
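As an added illustration of the coverage list above (example code written for this page, not GitLab's own Secret Detection implementation): one rule set applied uniformly to content from several of the listed surfaces, plus the pre-receive decision a push-protection hook would make. The token shapes (`glpat-` followed by 20 URL-safe characters, `AKIA` followed by 16 uppercase alphanumerics), the surface names and all sample inputs are assumptions constructed for the example; the `glpat` value is not a real token and the AWS key is the well-known documentation placeholder.

```python
import re
from dataclasses import dataclass

# Assumed token shapes (not taken from the page). Keep rules in one place so
# every surface is scanned with the same definitions.
RULES = {
    "gitlab_pat": re.compile(r"\bglpat-[A-Za-z0-9_-]{20}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}


@dataclass(frozen=True)
class Finding:
    surface: str      # where the secret was seen (source, CI log, issue, ...)
    rule: str         # which rule matched
    line: int         # 1-based line within that content
    secret_hint: str  # redacted: prefix only, so the finding itself never re-leaks the value


def scan_text(surface, text):
    """Run every rule over each line of one piece of content."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for match in pattern.finditer(line):
                hint = match.group(0)[:10] + "..."
                findings.append(Finding(surface, rule, lineno, hint))
    return findings


def scan_surfaces(surfaces):
    """surfaces: mapping of surface name -> text. Same rules, every surface."""
    findings = []
    for surface, text in surfaces.items():
        findings.extend(scan_text(surface, text))
    return findings


def summary_by_surface(surfaces):
    """Count findings per surface; surfaces with no findings are omitted."""
    counts = {}
    for finding in scan_surfaces(surfaces):
        counts[finding.surface] = counts.get(finding.surface, 0) + 1
    return counts


def should_block_push(diff_text):
    """Push-protection decision: reject the push if the incoming diff leaks a secret."""
    return bool(scan_text("git push", diff_text))


# Constructed sample content for each surface; none of these values are real secrets.
SAMPLES = {
    "source code": (
        "import requests\n"
        'TOKEN = "glpat-AbCdEfGhIjKlMnOpQrSt"  # constructed, not a real token\n'
    ),
    ".gitlab-ci.yml": (
        "deploy:\n"
        "  script:\n"
        '    - curl --header "PRIVATE-TOKEN: glpat-AbCdEfGhIjKlMnOpQrSt" https://gitlab.example/api/v4/projects\n'
    ),
    "pipeline log": (
        "$ echo $AWS_ACCESS_KEY_ID\n"
        "AKIAIOSFODNN7EXAMPLE\n"
        "$ echo $GITLAB_TOKEN\n"
        "glpat-[MASKED]\n"  # CI variable masking applied; must not be reported
    ),
    "issue comment": (
        "Getting 401 when I call the API with glpat-AbCdEfGhIjKlMnOpQrSt, any idea?\n"
    ),
    "wiki page": "Rotate tokens every 90 days. Never paste them in comments.\n",
}

if __name__ == "__main__":
    for finding in scan_surfaces(SAMPLES):
        print(f"{finding.surface}:{finding.line} {finding.rule} {finding.secret_hint}")
    print("block push:", should_block_push("+TOKEN = 'glpat-AbCdEfGhIjKlMnOpQrSt'\n"))
```

Two details worth keeping when extending this: the masked CI variable (`glpat-[MASKED]`) is deliberately not a finding, since masking only hides the value in the log while the unmasked token in `.gitlab-ci.yml` or an issue comment is the actual leak; and findings carry a redacted prefix rather than the full match, so the scanner's own output (which may itself land in a pipeline log or artifact) does not become another surface on the list.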