I have my pipeline on Jenkins, and source code management is on GitLab.
Can I trigger secret detection on GitLab from Jenkins, since the pipeline is on Jenkins and secret detection is enabled for GitLab pipelines? And how could it be done?
Have you considered tying your scanners to commit/push events? The benefits would be a) 100% coverage, b) shameless/blameless feedback to the developer so they can fix it without it being broadcast that they pushed a secret, and c) detecting/mitigating before your pipeline (production code).
Not sure if Arnica.io covers GitLab, but their pipelineless approach is worth checking out: https://www.darkreading.com/dr-tech/how-to-reduce-code-risk-using-pipelineless-security
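A sketch of what scanning on a commit/push event, as suggested in the reply above, can look like. This is an added example, not code from the poster, Arnica or GitLab. The three rules, the function names and the sample diff are assumptions made for illustration; a real hook would feed `scan_diff` the output of `git diff` for the pushed range.

```python
import re

# Illustrative rules (assumption): not GitLab's or any vendor's actual ruleset.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "gitlab-pat": re.compile(r"\bglpat-[0-9A-Za-z_-]{20}"),
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample: the kind of unified diff a push hook would receive.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,4 @@
 DEBUG = False
-AWS_KEY = os.environ["AWS_KEY"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+GITLAB_TOKEN = "glpat-CONSTRUCTED0SAMPLE00"
 REGION = "eu-west-1"
"""


def redact(secret):
    """Keep a short prefix so the author can find the value; mask the rest."""
    return secret[:6] + "*" * (len(secret) - 6)


def scan_diff(diff_text):
    """Return (path, new_line_no, rule, redacted) for secrets on ADDED lines."""
    findings, path, lineno, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        hunk = HUNK.match(line)
        if line.startswith("diff --git "):
            in_hunk = False  # the lines that follow are file headers
        elif hunk:
            lineno, in_hunk = int(hunk.group(1)), True
        elif not in_hunk and line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif in_hunk and line.startswith("+"):
            for rule, rx in RULES.items():
                for m in rx.finditer(line[1:]):
                    findings.append((path, lineno, rule, redact(m.group(0))))
            lineno += 1
        elif in_hunk and line[:1] in (" ", ""):
            lineno += 1  # context lines advance the new-file line counter
    return findings
```

Only added lines are reported, with the value masked, so the feedback can go straight to the author of the push without repeating the secret in logs.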