Secret Detection scans your repository to help prevent your secrets from being exposed.

Secret Detection

Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/secret_detection.

Configure Secret Detection with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).

List of available variables: https://docs.gitlab.com/ee/user/application_security/secret_detection/#available-cicd-variables

Usage

Add this component to an existing .gitlab-ci.yml file with the include: keyword.

include:
  - component: gitlab.com/components/secret-detection/secret-detection@<VERSION>

where <VERSION> is a released tag or main. Pin to a released tag for reproducible pipelines: main tracks the default branch of the component project and can change without notice.

This component will add a secret_detection job to the pipeline.

If you are converting the configuration to use components and want to leverage the existing variable $SECRET_DETECTION_DISABLED you could conditionally include the component using the variable:

include:
  - component: gitlab.com/components/secret-detection/secret-detection@main
    rules:
      - if: $SECRET_DETECTION_DISABLED == "true" || $SECRET_DETECTION_DISABLED == "1"
        when: never

Otherwise the job will run when applicable.

This assumes the SECRET_DETECTION_DISABLED variable is already defined in .gitlab-ci.yml, set to either 'true' or '1' when the scan should be skipped.
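A complete .gitlab-ci.yml that combines both steps above: the component is pinned to a released tag instead of main, and the legacy SECRET_DETECTION_DISABLED switch decides whether it is included at all. This is an added example, not the project's own configuration; the tag 7.0.0, the build job and the variable default are assumptions for illustration.

```yaml
# Added example (not the project's own .gitlab-ci.yml).
# Assumptions: a released tag "7.0.0" exists, and the pipeline has a "build"
# stage of its own. Replace the tag with an actual release of the component.
variables:
  # Legacy opt-out switch; set to "true" or "1" to skip the scan entirely.
  SECRET_DETECTION_DISABLED: "false"

stages:
  - build
  - test

include:
  - component: gitlab.com/components/secret-detection/secret-detection@7.0.0
    inputs:
      # Matches the stage the component adds its job to by default.
      stage: test
    rules:
      # Do not include the component (and so never create the job) when the
      # opt-out variable is set.
      - if: $SECRET_DETECTION_DISABLED == "true" || $SECRET_DETECTION_DISABLED == "1"
        when: never
      # Explicit fallback so the include does not depend on the default
      # behaviour when no rule matches.
      - when: always

build-job:
  stage: build
  script:
    - echo "build step (placeholder)"
```

With the variable set to "true" or "1" the component file is never merged into the pipeline, so no secret_detection job exists; with any other value the job is added in the test stage and runs under the component's own rules.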

Inputs

| Input | Default value | Description |
| --- | --- | --- |
| stage | test | The stage where you want the job to be added. |
| image_prefix | $CI_TEMPLATE_REGISTRY_HOST/security-products | Override the name of the Docker registry providing the default images (proxy). |
| image_tag | 7 | Override the default version of the secrets analyzer image. |
| image_suffix | "" | Suffix added to the image name. If set to -fips, FIPS-enabled images are used for the scan. Introduced in GitLab 14.10. |

Variables

You can customize secret detection by defining the following CI/CD variables:

| CI/CD variable | Description |
| --- | --- |
| SECRET_DETECTION_EXCLUDED_PATHS | Exclude vulnerabilities from output based on the paths. The paths are a comma-separated list of patterns. Patterns can be globs (see doublestar.Match for supported patterns), or file or folder paths (for example, doc,spec). Parent directories also match patterns. Introduced in GitLab 13.3. |
| SECRET_DETECTION_HISTORIC_SCAN | Flag to enable a historic Gitleaks scan. |
| SECRET_DETECTION_LOG_OPTIONS | git log options used to define commit ranges. Introduced in GitLab 15.1. |
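The inputs and variables above together, in one configuration: the image is pinned to the FIPS variant of tag 7, vendored and fixture paths are excluded, a full-history scan runs only on scheduled pipelines, and merge request pipelines scan just the commits in the MR. This is an added example, not the project's own configuration; the component tag 7.0.0, the excluded paths and the commit range are assumptions for illustration.

```yaml
# Added example (not the project's own configuration).
# Assumptions: component tag "7.0.0" exists; the paths below are placeholders.
include:
  - component: gitlab.com/components/secret-detection/secret-detection@7.0.0
    inputs:
      stage: test
      image_tag: "7"
      # "-fips" selects the FIPS-enabled analyzer image.
      image_suffix: "-fips"

variables:
  # Comma-separated globs or paths; findings under these paths are dropped
  # from the report (parent directories match too).
  SECRET_DETECTION_EXCLUDED_PATHS: "vendor/**,spec/fixtures,docs"

# Overriding rules: on an included job REPLACES the component's own rules,
# so every case in which the job should run must be listed here.
secret_detection:
  rules:
    # Nightly schedule: scan the whole git history. GIT_DEPTH "0" requests a
    # full clone so the history is actually present in the working tree.
    - if: $CI_PIPELINE_SOURCE == "schedule"
      variables:
        SECRET_DETECTION_HISTORIC_SCAN: "true"
        GIT_DEPTH: "0"
    # Merge request pipelines: limit the scan to the MR's commit range via
    # git log options (range syntax is an assumption for this example).
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      variables:
        SECRET_DETECTION_LOG_OPTIONS: "$CI_MERGE_REQUEST_DIFF_BASE_SHA..$CI_COMMIT_SHA"
    # Everything else (branch pushes, tags): default scan of the latest commit.
    - when: on_success
```

Keep the historic scan and the log-options range on separate rules: the historic scan is meant to cover all history, while SECRET_DETECTION_LOG_OPTIONS narrows the range, so setting both on the same pipeline works against itself. Excluded paths only filter findings out of the report; a secret committed under an excluded path is still in the repository history.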

Contribute

Please read about CI/CD components and best practices at: https://docs.gitlab.com/ee/ci/components