diff options
Diffstat (limited to 'lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml')
-rw-r--r-- | lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml | 48 |
1 files changed, 4 insertions, 44 deletions
diff --git a/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml index c255fb4707a..d4ea7165d0a 100644 --- a/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml @@ -1,45 +1,5 @@ -# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/secret_detection -# -# Configure the scanning tool through the environment variables. -# List of the variables: https://docs.gitlab.com/ee/user/application_security/secret_detection/#available-variables -# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables +# This template moved to Jobs/Secret-Detection.gitlab-ci.yml in GitLab 14.0 +# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/292977 -variables: - SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers" - SECRETS_ANALYZER_VERSION: "3" - SECRET_DETECTION_EXCLUDED_PATHS: "" - - -.secret-analyzer: - stage: test - image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION" - services: [] - allow_failure: true - # `rules` must be overridden explicitly by each child job - # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444 - artifacts: - reports: - secret_detection: gl-secret-detection-report.json - -secret_detection_default_branch: - extends: .secret-analyzer - rules: - - if: $SECRET_DETECTION_DISABLED - when: never - - if: $CI_DEFAULT_BRANCH == $CI_COMMIT_BRANCH - script: - - /analyzer run - -secret_detection: - extends: .secret-analyzer - rules: - - if: $SECRET_DETECTION_DISABLED - when: never - - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH - script: - - if [[ $CI_COMMIT_TAG ]]; then echo "Skipping Secret Detection for tags. No code changes have occurred."; exit 0; fi - - git fetch origin $CI_DEFAULT_BRANCH $CI_COMMIT_REF_NAME - - git log --left-right --cherry-pick --pretty=format:"%H" refs/remotes/origin/$CI_DEFAULT_BRANCH...refs/remotes/origin/$CI_COMMIT_REF_NAME > "$CI_COMMIT_SHA"_commit_list.txt - - export SECRET_DETECTION_COMMITS_FILE="$CI_COMMIT_SHA"_commit_list.txt - - /analyzer run - - rm "$CI_COMMIT_SHA"_commit_list.txt +include: + template: Jobs/Secret-Detection.gitlab-ci.yml |