I’m using the default SAST templates (Guide here: GitLab Secure | GitLab) in our security stage and all of the template-based jobs reveal a lot of environment information in the job log. Is there a way to turn this off to remove the clutter and also make the info leak less obvious?
Here’s an example:
```
Using Docker executor with image registry.gitlab.com/gitlab-org/security-products/analyzers/bandit:2 ...
Pulling docker image registry.gitlab.com/gitlab-org/security-products/analyzers/bandit:2 ...
Using docker image sha256:37b4cf20e11e62b342782bef4bff3415bb211c65e85920412c2644746505519d for registry.gitlab.com/gitlab-org/security-products/analyzers/bandit:2 with digest registry.gitlab.com/gitlab-org/security-products/analyzers/bandit@sha256:ab84edd2a0c5ea092f6fd19dfa64859ac4439f28f0a7657e3257d54c36fa9409 ...
Preparing environment 00:01
+ set -eo pipefail
+ set +o noclobber
+ :
+ eval 'echo "Running on $(hostname) via gitlab-runner-2-8f9b49f49-mrl5s..." '
+++ hostname
++ echo 'Running on runner-gsx5ewhl-project-386-concurrent-0 via gitlab-runner-2-8f9b49f49-mrl5s...'
+ exit 0
Running on runner-gsx5ewhl-project-386-concurrent-0 via gitlab-runner-2-8f9b49f49-mrl5s...
Getting source from Git repository 00:15
+ set -eo pipefail
+ set +o noclobber
+ :
+ eval 'export FF_CMD_DISABLE_DELAYED_ERROR_LEVEL_EXPANSION=$'\''false'\'' export FF_NETWORK_PER_BUILD=$'\''false'\'' export FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY=$'\''true'\'' [...]
```
All the exports and other info are being printed to the log, which in some cases may contain information unrelated to the job and also sensitive information.
Unfortunately I’m not very experienced in GitLab CI definitions yet, so I’m a bit clueless as to what triggers this behaviour.
Any hint would be appreciated.
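An added example, not part of the original post: a small audit script that lists which variable names a job log like the one above has exposed through traced `export` statements, and flags the ones whose names suggest credentials. The sample log is constructed from the excerpt in the post plus two made-up entries (`CI_JOB_TOKEN` and `DEPLOY_PASSWORD` with placeholder values); the name heuristic is an assumption, not a GitLab feature.

```python
import re

# Matches every `export NAME=` that shell tracing echoes into the job log.
EXPORT_RE = re.compile(r"\bexport\s+([A-Za-z_][A-Za-z0-9_]*)=")
# Assumed heuristic: variable names that usually hold credentials.
SENSITIVE_RE = re.compile(
    r"TOKEN|PASSWORD|PASSWD|SECRET|PRIVATE|CREDENTIAL|_KEY$", re.IGNORECASE
)


def audit_job_log(text):
    """Return (exported names, names that look sensitive), in first-seen order."""
    names = []
    for line in text.splitlines():
        for name in EXPORT_RE.findall(line):
            if name not in names:
                names.append(name)
    sensitive = [n for n in names if SENSITIVE_RE.search(n)]
    return names, sensitive


# Constructed sample: the trace lines from the post, followed by two
# hypothetical exports with placeholder values to exercise the heuristic.
SAMPLE_LOG = r"""
Getting source from Git repository 00:15
+ set -eo pipefail
+ set +o noclobber
+ eval 'export FF_CMD_DISABLE_DELAYED_ERROR_LEVEL_EXPANSION=$'\''false'\'' export FF_NETWORK_PER_BUILD=$'\''false'\'' export FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY=$'\''true'\''
export CI_JOB_TOKEN=$'\''PLACEHOLDER_TOKEN'\''
export DEPLOY_PASSWORD=$'\''PLACEHOLDER_PASSWORD'\''
export FF_NETWORK_PER_BUILD=$'\''false'\''
"""

if __name__ == "__main__":
    exported, flagged = audit_job_log(SAMPLE_LOG)
    print("Variables visible in the log:")
    for name in exported:
        marker = "  <-- review and rotate if real" if name in flagged else ""
        print(f"  {name}{marker}")
```

Run against a downloaded job log, any flagged name means the value was readable by everyone with access to that job's log.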