Scan all repositories for secrets

First of all, I know about the secret detection with the pipeline. But the problem is, that you have to manually add the pipeline to each repository.

We have a self-hosted GitLab Enterprise Edition (v16.0.2-ee) and what we need is something like a plugin that scans repositories for secrets, passwords, … by default (without setting up the pipeline). I thought about something like the new code scanning like GitHub has (if you have a GitHub organization, check out Settings > Code security and analysis > Secret scanning or check this link).

Is there any tool/ plugin/ setting that allows me to do this by default for all repos in my GitLab instance?

For free and premium users you have to specify pipeline in each project, for ultimate users you can use compliance pipelines

1 Like