summaryrefslogtreecommitdiff
path: root/data/deprecations/14-8-secret-detection-configurations.yml
diff options
context:
space:
mode:
Diffstat (limited to 'data/deprecations/14-8-secret-detection-configurations.yml')
-rw-r--r--data/deprecations/14-8-secret-detection-configurations.yml28
1 files changed, 28 insertions, 0 deletions
diff --git a/data/deprecations/14-8-secret-detection-configurations.yml b/data/deprecations/14-8-secret-detection-configurations.yml
new file mode 100644
index 00000000000..f9103c1cea3
--- /dev/null
+++ b/data/deprecations/14-8-secret-detection-configurations.yml
@@ -0,0 +1,28 @@
+- name: "Secret Detection configuration variables deprecated"
+ announcement_milestone: "14.8"
+ announcement_date: "2022-02-22"
+ removal_milestone: "15.0"
+ removal_date: "2022-05-22"
+ breaking_change: false
+ reporter: connorgilbert
+ body: | # Do not modify this line, instead modify the lines below.
+ To make it simpler and more reliable to [customize GitLab Secret Detection](https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings), we're deprecating some of the variables that you could previously set in your CI/CD configuration.
+
+ The following variables currently allow you to customize the options for historical scanning, but interact poorly with the [GitLab-managed CI/CD template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml) and are now deprecated:
+
+ - `SECRET_DETECTION_COMMIT_FROM`
+ - `SECRET_DETECTION_COMMIT_TO`
+ - `SECRET_DETECTION_COMMITS`
+ - `SECRET_DETECTION_COMMITS_FILE`
+
+ The `SECRET_DETECTION_ENTROPY_LEVEL` previously allowed you to configure rules that only considered the entropy level of strings in your codebase, and is now deprecated.
+ This type of entropy-only rule created an unacceptable number of incorrect results (false positives) and is no longer supported.
+
+ In GitLab 15.0, we'll update the Secret Detection [analyzer](https://docs.gitlab.com/ee/user/application_security/terminology/#analyzer) to ignore these deprecated options.
+ You'll still be able to configure historical scanning of your commit history by setting the [`SECRET_DETECTION_HISTORIC_SCAN` CI/CD variable](https://docs.gitlab.com/ee/user/application_security/secret_detection/#available-cicd-variables).
+
+ For further details, see [the deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/352565).
+# The following items are not published on the docs page, but may be used in the future.
+ stage: Secure
+ tiers: [Free, Silver, Gold, Core, Premium, Ultimate]
+ issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352565