diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b47a28d..125435a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,26 +1,19 @@ include: - component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/secret-detection@$CI_COMMIT_SHA + component: gitlab.com/$CI_PROJECT_PATH/job@$CI_COMMIT_SHA stages: [test, release] -secret_detection: - rules: - - if: $CI_COMMIT_BRANCH - - if: $CI_COMMIT_TAG # overriding rules to ensure it runs on tags before the release. - ensure-job-added: stage: test image: badouralix/curl-jq script: - echo "Expect that a job named 'secret_detection' is added to the pipeline" - | - route="$CI_API_V4_URL/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs" + route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs" count=`curl --silent $route | jq 'map(select(.name | contains("secret_detection"))) | length'` if [ "$count" != "1" ]; then exit 1 fi - rules: - - if: ($CI_COMMIT_BRANCH || $CI_COMMIT_TAG) && $CI_SERVER_HOST =~ /gitlab.com/ # Ensure that a project description exists, because it will be important to display # the resource in the catalog. @@ -28,7 +21,7 @@ check-description: image: badouralix/curl-jq script: - | - route="$CI_API_V4_URL/projects/$CI_PROJECT_ID" + route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID" desc=`curl --silent $route | jq '.description'` if [ "$desc" = "null" ]; then echo "Description not set. Please set a projet description" @@ -36,8 +29,6 @@ check-description: else echo "Description set" fi - rules: - - if: $CI_SERVER_HOST =~ /gitlab.com/ # Ensure that a `README.md` exists in the root directory as it represents the # documentation for the whole components repository. diff --git a/CODEOWNERS b/CODEOWNERS deleted file mode 100644 index 8c09c67..0000000 --- a/CODEOWNERS +++ /dev/null @@ -1 +0,0 @@ -* @gitlab-org/secure/secret-detection diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 0fb88d0..0000000 --- a/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2023 GitLab Inc. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/README.md b/README.md index bd29082..9541ac5 100644 --- a/README.md +++ b/README.md @@ -13,18 +13,16 @@ keyword. ```yaml include: - - component: gitlab.com/components/secret-detection/secret-detection@ + - component: gitlab.com/gitlab-components/secret-detection/job@ ``` where `` is the latest released tag or `main`. -This component will add a `secret_detection` job to the pipeline. - If you are converting the configuration to use components and want to leverage the existing variable `$SECRET_DETECTION_DISABLED` you could conditionally include the component using the variable: ```yaml include: - - component: gitlab.com/components/secret-detection/secret-detection@main + - component: gitlab.com/gitlab-components/secret-detection/job@main rules: - if: $SECRET_DETECTION_DISABLED == "true" || $SECRET_DETECTION_DISABLED == "1" when: never @@ -40,7 +38,7 @@ This assumes `SECRET_DETECTION_DISABLED` variable is already defined in `.gitlab | ----- | ------------- | ----------- | | `stage` | `test` | The stage where you want the job to be added. | | `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Override the name of the Docker registry providing the default images (proxy). | -| `image_tag` | `7` | Override the default version of the `secrets` analyzer image. | +| `image_tag` | `5` | Override the default version of the `secrets` analyzer image. | | `image_suffix` | `""` | Suffix added to the image name. If set to -fips, [FIPS-enabled images](https://docs.gitlab.com/ee/user/application_security/secret_detection/#use-fips-enabled-images) are used for scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355519) in GitLab 14.10. | ### Variables @@ -52,7 +50,3 @@ You can customize secret detection by defining the following CI/CD variables: | `SECRET_DETECTION_EXCLUDED_PATHS` | Exclude vulnerabilities from output based on the paths. The paths are a comma-separated list of patterns. Patterns can be globs (see [doublestar.Match](https://pkg.go.dev/github.com/bmatcuk/doublestar/v4@v4.0.2#Match) for supported patterns), or file or folder paths (for example, `doc,spec`). Parent directories also match patterns. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/225273) in GitLab 13.3. | | `SECRET_DETECTION_HISTORIC_SCAN` | Flag to enable a historic Gitleaks scan. | | `SECRET_DETECTION_LOG_OPTIONS` | [`git log`](https://git-scm.com/docs/git-log) options used to define commit ranges. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/350660) in GitLab 15.1. | - -## Contribute - -Please read about CI/CD components and best practices at: https://docs.gitlab.com/ee/ci/components diff --git a/logo.png b/logo.png deleted file mode 100644 index e5c20d1..0000000 Binary files a/logo.png and /dev/null differ diff --git a/templates/secret-detection.yml b/templates/job.yml similarity index 97% rename from templates/secret-detection.yml rename to templates/job.yml index 79c1e0b..bd1e3ad 100644 --- a/templates/secret-detection.yml +++ b/templates/job.yml @@ -5,7 +5,7 @@ spec: image_prefix: default: "$CI_TEMPLATE_REGISTRY_HOST/security-products" image_tag: - default: '7' + default: '5' image_suffix: default: "" ---