Merge branch 'add-secret-detection-exclude' into 'master'

Add SECRET_DETECTION_EXCLUDED_PATHS env var

See merge request gitlab-org/gitlab!39523

changelogs/unreleased/add-secret-detection-exclude.yml

+---
+title: Add SECRET_DETECTION_EXCLUDED_PATHS env var
+merge_request: 39523
+author:
+type: added

doc/user/application_security/secret_detection/index.md

@@ -164,7 +164,7 @@ Secret Detection can be customized by defining available variables:
 |-------------------------|---------------|-------------|
 | `SECRET_DETECTION_COMMIT_FROM` | -     | The commit a Gitleaks scan starts at. |
 | `SECRET_DETECTION_COMMIT_TO` | -       | The commit a Gitleaks scan ends at. |
-| `SECRET_DETECTION_EXCLUDED_PATHS`         | `spec, test, tests, tmp` | Exclude vulnerabilities from output based on the paths. This is a comma-separated list of patterns. Patterns can be globs, or file or folder paths (for example, `doc,spec` ). Parent directories will also match patterns. |
+| `SECRET_DETECTION_EXCLUDED_PATHS` | "" | Exclude vulnerabilities from output based on the paths. This is a comma-separated list of patterns. Patterns can be globs, or file or folder paths (for example, `doc,spec` ). Parent directories will also match patterns. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/225273) in GitLab 13.3. |
 | `SECRET_DETECTION_HISTORIC_SCAN` | false | Flag to enable a historic Gitleaks scan. |
 
 ### Logging level

lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml

@@ -7,6 +7,8 @@
 variables:
   SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
   SECRETS_ANALYZER_VERSION: "3"
+  SECRET_DETECTION_EXCLUDED_PATHS: ""
+
 
 .secret-analyzer:
   stage: test