Scanning For Secrets In A GitLab Pipeline

Reference: https://stackoverflow.com/questions/73665289/gitlab-secret-detection-how-to-test-it-works

Step 1: Create .gitlab-ci.yml with following pipeline code.

stages:          
  - secret_scan

Secrets Detector:
  stage: secret_scan
  image:
    name: "registry.gitlab.com/gitlab-org/security-products/analyzers/secrets"
  needs: []
  only:
    - branches
  before_script:
    - apk add jq
  script:
    - /analyzer run
    - cat gl-secret-detection-report.json | jq '.'
    - if [[ $(jq '.vulnerabilities | length > 0' gl-secret-detection-report.json) == "true" ]]; then echo "secrets found" && exit 1; fi

Step 2: Commit a file with some dummy secret value. This will trigger the pipeline and secret will be detected which will cause pipline failure.