.gitlab-ci.yml

@@ -1,26 +1,19 @@
 include:
-  component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/secret-detection@$CI_COMMIT_SHA
+  component: gitlab.com/$CI_PROJECT_PATH/job@$CI_COMMIT_SHA
 
 stages: [test, release]
 
-secret_detection:
-  rules:
-    - if: $CI_COMMIT_BRANCH
-    - if: $CI_COMMIT_TAG # overriding rules to ensure it runs on tags before the release.
-
 ensure-job-added:
   stage: test
   image: badouralix/curl-jq
   script:
     - echo "Expect that a job named 'secret_detection' is added to the pipeline"
     - |
-      route="$CI_API_V4_URL/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs"
+      route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs"
       count=`curl --silent $route | jq 'map(select(.name | contains("secret_detection"))) | length'`
       if [ "$count" != "1" ]; then
         exit 1
       fi
-  rules:
-    - if: ($CI_COMMIT_BRANCH || $CI_COMMIT_TAG) && $CI_SERVER_HOST =~ /gitlab.com/
 
 # Ensure that a project description exists, because it will be important to display
 # the resource in the catalog.
@@ -28,7 +21,7 @@ check-description:
   image: badouralix/curl-jq
   script:
     - |
-      route="$CI_API_V4_URL/projects/$CI_PROJECT_ID"
+      route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID"
       desc=`curl --silent $route | jq '.description'`
       if [ "$desc" = "null" ]; then
         echo "Description not set. Please set a projet description"
@@ -36,8 +29,6 @@ check-description:
       else
         echo "Description set"
       fi
-  rules:
-    - if: $CI_SERVER_HOST =~ /gitlab.com/
 
 # Ensure that a `README.md` exists in the root directory as it represents the
 # documentation for the whole components repository.

CODEOWNERS

@@ -1 +0,0 @@
-* @gitlab-org/secure/secret-detection

LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2023 GitLab Inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

README.md

@@ -13,18 +13,16 @@ keyword.
 
 ```yaml
 include:
-  - component: gitlab.com/components/secret-detection/secret-detection@<VERSION>
+  - component: gitlab.com/gitlab-components/secret-detection/job@<VERSION>
 ```
 
 where `<VERSION>` is the latest released tag or `main`.
 
-This component will add a `secret_detection` job to the pipeline.
-
 If you are converting the configuration to use components and want to leverage the existing variable `$SECRET_DETECTION_DISABLED` you could conditionally include the component using the variable:
 
 ```yaml
 include:
-  - component: gitlab.com/components/secret-detection/secret-detection@main
+  - component: gitlab.com/gitlab-components/secret-detection/job@main
     rules:
       - if: $SECRET_DETECTION_DISABLED == "true" || $SECRET_DETECTION_DISABLED == "1"
         when: never
@@ -40,7 +38,7 @@ This assumes `SECRET_DETECTION_DISABLED` variable is already defined in `.gitlab
 | ----- | ------------- | ----------- |
 | `stage` | `test` | The stage where you want the job to be added. |
 | `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Override the name of the Docker registry providing the default images (proxy). |
-| `image_tag` | `7` | Override the default version of the `secrets` analyzer image. |
+| `image_tag` | `5` | Override the default version of the `secrets` analyzer image. |
 | `image_suffix` | `""` | Suffix added to the image name. If set to -fips, [FIPS-enabled images](https://docs.gitlab.com/ee/user/application_security/secret_detection/#use-fips-enabled-images) are used for scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355519) in GitLab 14.10. |
 
 ### Variables
@@ -52,7 +50,3 @@ You can customize secret detection by defining the following CI/CD variables:
 | `SECRET_DETECTION_EXCLUDED_PATHS` | Exclude vulnerabilities from output based on the paths. The paths are a comma-separated list of patterns. Patterns can be globs (see [doublestar.Match](https://pkg.go.dev/github.com/bmatcuk/doublestar/v4@v4.0.2#Match) for supported patterns), or file or folder paths (for example, `doc,spec`). Parent directories also match patterns. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/225273) in GitLab 13.3. |
 | `SECRET_DETECTION_HISTORIC_SCAN` | Flag to enable a historic Gitleaks scan. |
 | `SECRET_DETECTION_LOG_OPTIONS` | [`git log`](https://git-scm.com/docs/git-log) options used to define commit ranges. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/350660) in GitLab 15.1. |
-
-## Contribute
-
-Please read about CI/CD components and best practices at: https://docs.gitlab.com/ee/ci/components 

templates/job.yml

@@ -5,7 +5,7 @@ spec:
     image_prefix:
       default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
     image_tag:
-      default: '7'
+      default: '5'
     image_suffix:
       default: ""
 ---