Add Secret Detection to the Scanning Logic
Closes osdu/platform/security-and-compliance/home#144
This adds the GitLab Ultimate Secret Detection scanning to the standard scan suite.
The multi-pipeline test is generated by finding every OSDU project that includes the gitlab-ultimate.yml file and triggering each of them from another project.
The tests are run on a separate branch of the services / libraries, which is modified to run only the portions of the CI logic that we want to test.
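As an added illustration (not the OSDU project's actual gitlab-ultimate.yml or its test pipeline), the two pieces described above look roughly like this in GitLab CI syntax: a shared scanner file that pulls in GitLab's Secret Detection template, and a job in a separate project that triggers a downstream pipeline on the trimmed-down test branch. The project path and branch name are placeholders; the template name and `trigger`/`strategy` keys are standard GitLab CI.

```yaml
# --- gitlab-ultimate.yml (illustrative; not the real OSDU file) ---
# Pulling in the GitLab-maintained template adds a `secret_detection` job
# to the `test` stage of every project that includes this file.
include:
  - template: Security/Secret-Detection.gitlab-ci.yml

secret_detection:
  variables:
    # Scan the full history of the branch, not just the latest commit,
    # so previously committed credentials are also reported.
    SECRET_DETECTION_HISTORIC_SCAN: "true"
  # The template's job only reports findings; failing the job on a finding
  # is a downstream policy decision, so this example leaves the job as-is.

# --- multi-pipeline test, in a separate "driver" project (illustrative) ---
# One job per OSDU project that includes gitlab-ultimate.yml. `strategy: depend`
# makes this job mirror the downstream pipeline's result, so a failing secret
# scan in the service shows up as a failure here.
trigger-secret-scan-example-service:
  stage: test
  trigger:
    project: osdu/platform/<group>/<example-service>   # placeholder path
    branch: <ci-scanners-only-test-branch>             # placeholder branch
    strategy: depend
```

Each triggered project runs on its own trimmed test branch, so a compile error or broken YAML on that branch (as in the failures listed below) stops the pipeline before the `secret_detection` job is reached, which is why those projects report no scan result rather than a clean one.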
Regarding the failures of the multi-pipeline test:
- OPC-UA Ingestion is failing to compile, which prevents the secret scanner from even running
- csv-parser has invalid YAML. Likely an artifact of trying to trim down the CI pipeline to only the GitLab Ultimate scanners and compile steps
- Legal is failing on spotbugs. This MR removes the spotbugs definitions, since GitLab deprecated it for Java. There's a Groovy artifact still triggering it, and we should likely address that separately.
- Other projects are all passing the secret detection
Edited by David Diederich