
Add Secret Detection to the Scanning Logic

David Diederich requested to merge add-secret-detection into master

Closes osdu/platform/security-and-compliance/home#144 (closed)

This adds the GitLab Ultimate Secret Detection scanning to the standard scan suite.

The multi-pipeline test is generated by finding every OSDU project that includes the gitlab-ultimate.yml file and triggering them from another project. The tests are run on a separate branch of the services / libraries, which is modified to run only the portions of the CI logic that we want to test.

Regarding the failures of the multi-pipeline test:

  • OPC-UA Ingestion is failing to compile, which prevents the secret scanner from even running
  • csv-parser has invalid YAML. Likely an artifact of trying to trim down the CI pipeline to be GitLab Ultimate scanners and compile steps only
  • Legal is failing on spotbugs. This MR removed the spotbugs definitions, since GitLab deprecated it for Java. There's a groovy artifact triggering this, and we should likely address that separately.
  • Other projects are all passing the secret detection
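How the generated multi-pipeline test described above can be put together, as an added example that is not the MR's own tooling: it scans constructed sample `.gitlab-ci.yml` contents for projects whose `include:` block pulls in `gitlab-ultimate.yml`, then renders one GitLab trigger job per matching project pointing at the separate test branch. The project paths, the shared CI project name and the branch name are assumptions; the only real identifier is the stock `Security/Secret-Detection.gitlab-ci.yml` template path that the shared file gains. `strategy: depend` is what makes a downstream compile failure or invalid YAML (the csv-parser and OPC-UA cases above) show up as a failure of the triggering pipeline.

```python
import re

# Constructed sample .gitlab-ci.yml contents for three hypothetical projects.
# Project paths and the shared CI project are assumptions, not OSDU's real ones.
SAMPLE_PROJECTS = {
    "example-group/service-a": (
        "include:\n"
        "  - project: 'example-group/ci-cd-pipelines'\n"
        "    file: 'gitlab-ultimate.yml'\n"
        "  - local: '.gitlab/build.yml'\n"
    ),
    "example-group/library-b": (
        "include:\n"
        "  - project: \"example-group/ci-cd-pipelines\"\n"
        "    ref: main\n"
        "    file: \"ci/gitlab-ultimate.yml\"\n"
    ),
    "example-group/tool-c": (
        "include:\n"
        "  - template: Security/SAST.gitlab-ci.yml\n"
        "build:\n"
        "  script: echo 'file: gitlab-ultimate.yml mentioned outside include'\n"
    ),
}

# Matches a scalar `file:` entry inside an include list item.
INCLUDE_FILE_RE = re.compile(r"^\s*-?\s*file:\s*['\"]?([^'\"\s#]+)")


def include_block(ci_yaml: str) -> list[str]:
    """Return the lines belonging to the top-level `include:` key.

    Minimal line-based extraction: the block runs from `include:` to the next
    non-indented top-level key. This covers the common
    `- project: ... / file: ...` form; flow-style lists, anchors or a `file:`
    given as a YAML list would need a real YAML parser.
    """
    lines, inside = [], False
    for line in ci_yaml.splitlines():
        if re.match(r"^include:", line):
            inside = True
            lines.append(line)
            continue
        if inside:
            if line.strip() == "" or line[0] in " \t":
                lines.append(line)
            else:
                break
    return lines


def includes_file(ci_yaml: str, shared_file: str = "gitlab-ultimate.yml") -> bool:
    """True if any include entry's `file:` value names the shared CI file."""
    for line in include_block(ci_yaml):
        m = INCLUDE_FILE_RE.match(line)
        if m and m.group(1).rsplit("/", 1)[-1] == shared_file:
            return True
    return False


def find_ultimate_projects(projects: dict[str, str]) -> list[str]:
    """Sorted project paths whose CI config pulls in gitlab-ultimate.yml."""
    return sorted(p for p, yml in projects.items() if includes_file(yml))


def render_trigger_pipeline(project_paths: list[str], branch: str) -> str:
    """Render the multi-pipeline test: one trigger job per target project.

    `strategy: depend` makes each trigger job adopt the downstream pipeline's
    status, so a failing scanner or build in a service fails this pipeline.
    """
    out = ["stages:", "  - trigger", ""]
    for path in project_paths:
        job = "trigger-" + re.sub(r"[^a-z0-9]+", "-", path.lower())
        out += [
            f"{job}:",
            "  stage: trigger",
            "  trigger:",
            f"    project: {path}",
            f"    branch: {branch}",
            "    strategy: depend",
            "",
        ]
    return "\n".join(out)


# The change under test: the shared gitlab-ultimate.yml adds the stock GitLab
# Secret Detection template next to the existing scanners.
SECRET_DETECTION_INCLUDE = (
    "include:\n"
    "  - template: Security/Secret-Detection.gitlab-ci.yml\n"
)

if __name__ == "__main__":
    targets = find_ultimate_projects(SAMPLE_PROJECTS)
    print(render_trigger_pipeline(targets, branch="ci-test-secret-detection"))
```

Running it prints a trigger job for `service-a` and `library-b` only; `tool-c` is skipped because the only mention of the file sits in a script line outside its `include:` block.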
