Commit c49cc482 authored by elmar's avatar elmar

add: secret detection

parent b77e731d
Pipeline #673 failed with stages
in 16 seconds
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
image: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
variables:
TF_ROOT: "${CI_PROJECT_DIR}"
......@@ -22,6 +15,7 @@ cache:
before_script:
- cd ${TF_ROOT}
stages:
- secrets-detection
- prepare
- validate
- build
......@@ -58,5 +52,9 @@ apply:
when: manual
rules:
- if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
include:
- template: Security/Secret-Detection.gitlab-ci.yml
gitleaks:
stage: secrets-detection
image:
name: "zricethezav/gitleaks"
entrypoint: [""]
script: gitleaks -v --pretty --repo-path . --commit-from=$CI_COMMIT_SHA --commit-to=$CI_COMMIT_BEFORE_SHA --branch=$CI_COMMIT_BRANCH
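Review bot: The `gitleaks` job pulls `zricethezav/gitleaks` with no tag or digest, so every run executes whatever the registry currently serves; the `--repo-path`, `--commit-from` and `--commit-to` flags in `script:` are tied to particular gitleaks releases, so an image update can break the job as well as bring unreviewed third-party code into the pipeline. Pin the image, e.g. `name: "zricethezav/gitleaks:<pinned-version>"` (placeholder; a digest is stronger). Separately, `$CI_COMMIT_BEFORE_SHA` is all zeros for the first pipeline on a branch and in merge request pipelines, so the range passed to gitleaks is not a real commit there and the scan may fail or cover nothing. A guard that falls back to scanning the full history when the value is all zeros, together with `variables: {GIT_DEPTH: "0"}` on the job so the range is not cut off by the shallow clone, would close that gap. If, as the hunk header's line counts suggest, this job replaces the `Security/Secret-Detection.gitlab-ci.yml` include, a comment above `gitleaks:` saying why the managed template was dropped would help the next maintainer.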