Hi, I have a question about Secret Detection. Is it possible to detect, for example, a leaked unmasked CI variable in an executed pipeline? For example, I have a test job where I leak one token on purpose to test that out; let's say it looks like this:
```yaml
possible-leak:
  stage: variable
  script:
    - echo "This should also trigger Secret Detection"
    - echo $UNMASKED_VARIABLE # 123-123-123-123 (this is what I want Secret Detection to spot)
    - echo $MASKED_VARIABLE # [MASKED]
```
After that I include a template with secret detection:
```yaml
include:
  - template: Security/Secret-Detection.gitlab-ci.yml
```
Is it possible that Secret-Detection spots the leaked unmasked variable?
I tried this feature, but it only worked with the source code, for example if I leak a fake SSN on purpose.
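A job log saved as text can also be checked directly for the values of known variables. The script below is an added example, not part of the original post and not GitLab code; the log text, the variable values and the function names are constructed for illustration. It goes slightly beyond the job above by also catching a base64-encoded copy of a value.

```python
import base64

# Constructed values; a real check would load them from wherever the
# project keeps its CI variables.
VARIABLES = {
    "UNMASKED_VARIABLE": "123-123-123-123",
    "MASKED_VARIABLE": "constructed-masked-value",
}

# Constructed job log modelled on the job in the post, plus one encoded copy.
SAMPLE_LOG = "\n".join([
    '$ echo "This should also trigger Secret Detection"',
    "This should also trigger Secret Detection",
    "$ echo $UNMASKED_VARIABLE",
    "123-123-123-123",
    "$ echo $MASKED_VARIABLE",
    "[MASKED]",
    "$ echo $UNMASKED_VARIABLE | base64",
    base64.b64encode(b"123-123-123-123\n").decode(),
])

def needles(value):
    """Strings to search for: the value itself and a base64 form of it."""
    raw = value.encode()
    # Encode only the 3-byte-aligned prefix so the result is still a prefix of
    # the encoding when extra bytes (e.g. echo's newline) follow the value.
    aligned = raw[: len(raw) // 3 * 3]
    return {"plain": value, "base64": base64.b64encode(aligned).decode()}

def find_leaks(log_text, variables, min_len=8):
    """Return sorted (line_number, variable_name, form) for each match."""
    findings = []
    for name, value in variables.items():
        if len(value) < min_len:  # short values match unrelated output
            continue
        for form, needle in needles(value).items():
            for line_no, line in enumerate(log_text.splitlines(), start=1):
                if needle in line:
                    findings.append((line_no, name, form))
    return sorted(findings)

def redact(log_text, variables, min_len=8):
    """Replace plain-text values so a report never reprints the secret."""
    for name, value in variables.items():
        if len(value) >= min_len:
            log_text = log_text.replace(value, f"[REDACTED:{name}]")
    return log_text

if __name__ == "__main__":
    for line_no, name, form in find_leaks(SAMPLE_LOG, VARIABLES):
        print(f"line {line_no}: {name} leaked ({form})")
```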