Secret detection job based on analyzer v7.10.0 scans .git directory
In an arbitrary project with no other relevant changes, the analyzer started scanning the .git directory. However, on 7.9 this was not observed.
Now:
[INFO] [secrets] [2025-08-06T06:25:49Z] ▶ GitLab secrets analyzer v7.10.0
[INFO] [secrets] [2025-08-06T06:25:49Z] ▶ Using secret detection rules version "0.12.0" from "https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules/-/releases/v0.12.0"
[INFO] [secrets] [2025-08-06T06:25:49Z] ▶ Detecting project
[INFO] [secrets] [2025-08-06T06:25:49Z] ▶ Analyzer will attempt to analyze all projects in the repository
[INFO] [secrets] [2025-08-06T06:25:49Z] ▶ Loading ruleset for /builds/iptiq/uc/user
[WARN] [secrets] [2025-08-06T06:25:49Z] ▶ /builds/iptiq/uc/user/.gitlab/secret-detection-ruleset.toml not found, ruleset customization will be disabled.
[INFO] [secrets] [2025-08-06T06:25:49Z] ▶ Running analyzer
[INFO] [secrets] [2025-08-06T06:25:50Z] ▶
[INFO] [secrets] [2025-08-06T06:25:50Z] ▶ ○
[INFO] [secrets] [2025-08-06T06:25:50Z] ▶ │╲
[INFO] [secrets] [2025-08-06T06:25:50Z] ▶ │ ○
[INFO] [secrets] [2025-08-06T06:25:50Z] ▶ ○ ░
[INFO] [secrets] [2025-08-06T06:25:50Z] ▶ ░ gitleaks
[INFO] [secrets] [2025-08-06T06:25:50Z] ▶
[INFO] [secrets] [2025-08-06T06:25:50Z] ▶ 6:25AM INF scanned ~3865822 bytes (3.87 MB) in 82.2ms
[INFO] [secrets] [2025-08-06T06:25:50Z] ▶ 6:25AM WRN leaks found: 2
[INFO] [secrets] [2025-08-06T06:25:50Z] ▶ Creating report
[INFO] [2025-08-06T06:25:50Z] ▶ /builds/iptiq/uc/user/gl-report-post.json written
Produces a report that contains:
  "description": "A GitLab CI/CD job token was identified. Job tokens are used to execute functionality in the context of a pipeline\njob. In most cases job tokens have limited privileges and can only be used to read from the repository where the\npipeline executes from. External projects can grant access to job tokens from other projects. A malicious actor has a\nlimited timeframe to use this token to attempt to access the repository.\n\nFor general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nBecause job tokens are short lived, there is no revocation process, it is no longer available after the job that created\nit completes.\n\nFor more details on exactly what a job token is allowed to access, please see [GitLabs documentation on job tokens](https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html).",
  "cve": ".git/config:123:gitlab_ci_build_token",
  "severity": "Critical",
  "confidence": "Unknown",
  "raw_source_code_extract": "glcbt-...",
  "scanner": {
    "id": "gitleaks",
    "name": "Gitleaks"
  },
  "location": {
    "file": ".git/config",
    "commit": {
      "sha": "0000000"
    },
    "start_line": 13
  },
Before, on 7.9:
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ GitLab secrets analyzer v7.9.0
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ Using secret detection rules version "0.12.0" from "https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules/-/releases/v0.12.0"
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ Detecting project
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ Analyzer will attempt to analyze all projects in the repository
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ Loading ruleset for /builds/iptiq/uc/user
[WARN] [secrets] [2025-08-05T11:16:57Z] ▶ /builds/iptiq/uc/user/.gitlab/secret-detection-ruleset.toml not found, ruleset customization will be disabled.
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ Running analyzer
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ ○
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ │╲
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ │ ○
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ ○ ░
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ ░ gitleaks
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ 11:16AM INF scanned ~2754418 bytes (2.75 MB) in 64.4ms
[INFO] [secrets] [2025-08-05T11:16:57Z] ▶ 11:16AM INF no leaks found
I'll tag the maintainers from that repo; maybe they can figure it out quicker.
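A triage helper for the report format shown above, added here as an example and not code from the analyzer or from GitLab: it splits the `cve` field (file:line:rule) and separates findings located under `.git/` (such as the runner-written job token in `.git/config`, which the report description says is no longer valid once the job completes) from findings in committed files. The `vulnerabilities` wrapper object and the second finding are constructed sample data.

```python
import json
from pathlib import PurePosixPath

# Constructed sample mirroring the report fragment in the issue; not a real report.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": [
        {
            "cve": ".git/config:123:gitlab_ci_build_token",
            "severity": "Critical",
            "scanner": {"id": "gitleaks", "name": "Gitleaks"},
            "location": {"file": ".git/config", "commit": {"sha": "0000000"}, "start_line": 13},
        },
        {
            "cve": "config/settings.py:4:generic_api_key",
            "severity": "High",
            "scanner": {"id": "gitleaks", "name": "Gitleaks"},
            "location": {"file": "config/settings.py", "commit": {"sha": "abc1234"}, "start_line": 4},
        },
    ]
})


def parse_cve(cve: str):
    """Split the 'cve' field, which the report builds as file:line:rule_id."""
    file, line, rule = cve.rsplit(":", 2)
    return file, int(line), rule


def is_git_metadata(path: str) -> bool:
    """True when the finding lies inside the .git directory (runner state, not committed content)."""
    return ".git" in PurePosixPath(path).parts


def triage(report_text: str):
    """Bucket each finding as 'git_metadata' or 'committed' so reviewers see committed leaks first."""
    report = json.loads(report_text)
    result = {"committed": [], "git_metadata": []}
    for vuln in report.get("vulnerabilities", []):
        path = vuln["location"]["file"]
        _, _, rule = parse_cve(vuln["cve"])
        entry = {
            "file": path,
            "rule": rule,
            "severity": vuln["severity"],
            "start_line": vuln["location"]["start_line"],
        }
        bucket = "git_metadata" if is_git_metadata(path) else "committed"
        result[bucket].append(entry)
    return result
```

The `.git/config` hit is still worth noting in the job log, but it is a credential the runner placed on the build machine rather than one committed to history, so it belongs in a separate queue from genuine repository leaks.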