GitLab has released version 11.9 of its popular devops platform. A noteworthy new feature of 11.9 is what GitLab calls secret detection. Secret detection is a new check that scans repository contents for API keys and other secret information. If the scan shows a leak of such content, the user will be warned.
"A recurring problem when developing applications is that developers may unintentionally commit secrets and credentials to their remote repositories," Kenny Johnston, GitLab Direct of Product, commented in a blog post announcement. "If other people have access to the source, or if the project is public, the sensitive information is then exposed and can be leveraged by malicious users to gain access to resources like deployment environments."
Secret detection is an included feature within GitLab's SAST functionality. Users that already have SAST enabled will automatically benefit from the new feature. Secret detection is also included in Auto DevOps default configuration.
Once secret detection is enabled, each commit is scanned by a continuous integration/continuous delivery and deployment job. The scan ensures that no secrets are presented. If a secret is detected, the developer is alerted in the merge request. This enables developers to take remedial action. Such action typically includes invalidating leaked credentials and the generation of new credentials.
GitLab's new feature arrives on the heels of a recent report regarding rampant secret leaks from GitHub. The researchers of that report indicate that such leaks are not limited to GitHub. Johnston's comments regarding the need for secret detection support that conclusion. Check out all 11.9 updates and features at the GitLab blog.