Scanning For Secrets In A GitLab Pipeline

Vinayak Pandey
May 10, 2024

--

Reference: https://stackoverflow.com/questions/73665289/gitlab-secret-detection-how-to-test-it-works

Step 1: Create .gitlab-ci.yml with following pipeline code.

stages:          
- secret_scan

Secrets Detector:
stage: secret_scan
image:
name: "registry.gitlab.com/gitlab-org/security-products/analyzers/secrets"
needs: []
only:
- branches
before_script:
- apk add jq
script:
- /analyzer run
- cat gl-secret-detection-report.json | jq '.'
- if [[ $(jq '.vulnerabilities | length > 0' gl-secret-detection-report.json) == "true" ]]; then echo "secrets found" && exit 1; fi

Step 2: Commit a file with some dummy secret value. This will trigger the pipeline and secret will be detected which will cause pipline failure.

--

--

Vinayak Pandey
Vinayak Pandey

Written by Vinayak Pandey

Experienced Cloud Engineer with a knack of automation. Linkedin profile: https://www.linkedin.com/in/vinayakpandeyit/

No responses yet