diff options
Diffstat (limited to 'doc/user/application_security/secret_detection/index.md')
| -rw-r--r-- | doc/user/application_security/secret_detection/index.md | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md index 2e6de222ec3..ea2a66c7cc7 100644 --- a/doc/user/application_security/secret_detection/index.md +++ b/doc/user/application_security/secret_detection/index.md @@ -40,7 +40,7 @@ contains more than 100 patterns. Most Secret Detection patterns search for specific types of secrets. Many services add prefixes or other structural details to their secrets so they can be identified if they're leaked. -For example, GitLab [adds a `glpat-` prefix](../../admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix) to project, group, and personal access tokens by default. +For example, GitLab [adds a `glpat-` prefix](../../../administration/settings/account_and_limit_settings.md#personal-access-token-prefix) to project, group, and personal access tokens by default. To provide more reliable, high-confidence results, Secret Detection only looks for passwords or other unstructured secrets in specific contexts like URLs. @@ -83,7 +83,7 @@ Secret Detection can detect if a secret was added in one commit and removed in a - Commit range - If the `SECRET_DETECTION_LOG_OPTS` variable is set, the secrets analyzer fetches the entire + If the `SECRET_DETECTION_LOG_OPTIONS` variable is set, the secrets analyzer fetches the entire history of the branch or reference the pipeline is being run for. Secret Detection then runs, scanning the commit range specified. @@ -621,7 +621,7 @@ The check is always on; you don't have to set it up. Your text is checked for the following secret types: - GitLab [personal access tokens](../../../security/token_overview.md#personal-access-tokens) - - If a [personal access token prefix](../../../user/admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix) has been configured, a token using this prefix is checked. + - If a [personal access token prefix](../../../administration/settings/account_and_limit_settings.md#personal-access-token-prefix) has been configured, a token using this prefix is checked. - GitLab [feed tokens](../../../security/token_overview.md#feed-token) This feature is separate from Secret Detection scanning, which checks your Git repository for leaked secrets. @@ -629,21 +629,10 @@ This feature is separate from Secret Detection scanning, which checks your Git r ## Troubleshooting -### Set the logging level +### Debug-level logging -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10880) in GitLab 13.1. - -Set the logging level to `debug` when you need diagnostic information in a Secret Detection job log. - -WARNING: -Debug logging can be a serious security risk. The output may contain the content of environment -variables and other secrets available to the job. The output is uploaded to the GitLab server and -visible in job logs. - -1. In the `.gitlab-ci.yml` file, set the `SECURE_LOG_LEVEL` CI/CD variable to `debug`. -1. Run the Secret Detection job. -1. Analyze the content of the Secret Detection job. -1. In the `.gitlab-ci.yml` file, set the `SECURE_LOG_LEVEL` CI/CD variable to `info` (default). +Debug-level logging can help when troubleshooting. For details, see +[debug-level logging](../index.md#debug-level-logging). ### Warning: `gl-secret-detection-report.json: no matching files` @@ -661,8 +650,8 @@ For example, you could have a pipeline triggered from a merge request containing clone is not deep enough to contain all of the relevant commits. To verify the current value, see [pipeline configuration](../../../ci/pipelines/settings.md#limit-the-number-of-changes-fetched-during-clone). -To confirm this as the cause of the error, set the [logging level](#set-the-logging-level) to -`debug`, then rerun the pipeline. The logs should look similar to the following example. The text +To confirm this as the cause of the error, enable [debug-level logging](../index.md#debug-level-logging), +then rerun the pipeline. The logs should look similar to the following example. The text "object not found" is a symptom of this error. ```plaintext |