Commit d2cd17e6 authored by Kati Paizee's avatar Kati Paizee

Merge branch 'russell/improve-sd-docs-1' into 'master'

Improve introduction to Secret Detection

See merge request gitlab-org/gitlab!75312
parents 84b7184e 6dafc0e8
...@@ -8,35 +8,31 @@ info: To determine the technical writer assigned to the Stage/Group associated w ...@@ -8,35 +8,31 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3. > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3.
A recurring problem when developing applications is that developers may unintentionally commit A recurring problem when developing applications is that people may accidentally commit secrets to
secrets and credentials to their remote repositories. If other people have access to the source, their remote Git repositories. Secrets include keys, passwords, API tokens, and other sensitive
or if the project is public, the sensitive information is then exposed and can be leveraged by information. Anyone with access to the repository could use the secrets for malicious purposes.
malicious users to gain access to resources like deployment environments. Secrets exposed in this way must be treated as compromised, and be replaced, which can be costly.
It's important to prevent secrets from being committed to a Git repository.
GitLab includes a check called Secret Detection. It scans the content of the repository Secret Detection uses the [Gitleaks](https://github.com/zricethezav/gitleaks) tool to scan the
to find API keys and other information that should not be there. repository for secrets. All identified secrets are reported in the:
GitLab displays identified secrets visibly in a few places: - Merge request widget
- [Security Dashboard](../security_dashboard/)
- Pipelines' **Security** tab - Pipelines' **Security** tab
- Report in the merge request widget - [Security Dashboard](../security_dashboard/)
![Secret Detection in merge request widget](img/secret_detection_v13_2.png) ![Secret Detection in merge request widget](img/secret_detection_v13_2.png)
## Use cases WARNING:
Secret Detection does not support scanning binary files.
- Detecting unintentional commit of secrets like keys, passwords, and API tokens.
- Performing a single or recurring scan of the full history of your repository for secrets.
## Supported secrets
Secret Detection detects a variety of common secrets by default. You can also customize the secret detection patterns using [custom rulesets](#custom-rulesets). ## Detected secrets
The [default ruleset](https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks.toml) includes **90+ secret detection patterns**.
You can contribute "well-identifiable" secrets by follow the steps detailed in the [community contributions guidelines](https://gitlab.com/gitlab-org/gitlab/-/issues/345453).
WARNING: Secret Detection uses a [default ruleset](https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks.toml)
Gitleaks does not support scanning binary files. containing more than 90 secret detection patterns. You can also customize the secret detection
patterns using [custom rulesets](#custom-rulesets). If you want to contribute rulesets for
"well-identifiable" secrets, follow the steps detailed in the
[community contributions guidelines](https://gitlab.com/gitlab-org/gitlab/-/issues/345453).
## Requirements ## Requirements
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment