In order to implement a secrets detector via a pipeline on merge requests in my GitLab repository, I followed this document from GitLab: "Enable Secret Detection | Edit the .gitlab-ci.yml file manually".
But the pipeline doesn't fail if any secrets are detected. Also, it only checks the last commit in the merge request, which makes it useless.
How do I handle both issues?
I created a file named `.gitlab-ci.yml` at the root level of the repository using the following code:

This code not only fails the pipeline if any secret is detected but also checks all the commits in the source branch of the merge request up to the last commit.
Bonus: If you want to skip ignorable secrets, you can add a `.gitleaks.toml` file at the root level of the repository as follows:
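The answer's own `.gitlab-ci.yml` did not survive on this page. The following is an added example, written here and not the poster's file, of a `.gitlab-ci.yml` that addresses both points in the question: it restricts the job to merge-request pipelines, hands gitleaks the whole commit range of the source branch instead of the last commit, and fails the pipeline when the report contains findings. It assumes GitLab's `Jobs/Secret-Detection.gitlab-ci.yml` template and the `SECRET_DETECTION_LOG_OPTIONS` / `GIT_DEPTH` variables as documented by GitLab, and that the analyzer writes its findings to `gl-secret-detection-report.json` under a `vulnerabilities` array; the `fail_on_secrets` job name and its Python snippet are this example's own.

```yaml
# Added example (not the poster's own file): run GitLab's built-in secret
# detection on every merge request, scan every commit in the source branch,
# and fail the pipeline when the report contains findings.

stages:
  - test

include:
  - template: Jobs/Secret-Detection.gitlab-ci.yml

secret_detection:
  stage: test
  variables:
    # Disable the shallow clone so the merge-request base commit is present
    # in the job's checkout (the template clones with a limited depth).
    GIT_DEPTH: "0"
    # git log arguments passed to gitleaks: scan the full range from the
    # MR's diff base to the head commit instead of only the last commit.
    SECRET_DETECTION_LOG_OPTIONS: "${CI_MERGE_REQUEST_DIFF_BASE_SHA}..${CI_COMMIT_SHA}"
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  # The template sets allow_failure: true; make the job blocking.
  allow_failure: false

# The analyzer exits 0 even when it finds secrets and only records them in
# gl-secret-detection-report.json. This job (an assumed name) reads that
# report and exits non-zero if the "vulnerabilities" list is non-empty.
fail_on_secrets:
  stage: test
  image: python:3-alpine
  needs:
    - job: secret_detection
      artifacts: true
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - |
      python3 - <<'EOF'
      import json, sys
      with open("gl-secret-detection-report.json") as f:
          report = json.load(f)
      findings = report.get("vulnerabilities", [])
      for v in findings:
          loc = v.get("location", {})
          sha = loc.get("commit", {}).get("sha", "?")[:10]
          print(f"{v.get('name')}: {loc.get('file')}:{loc.get('start_line')} (commit {sha})")
      if findings:
          sys.exit(f"{len(findings)} secret(s) detected; failing the pipeline")
      print("no secrets detected")
      EOF
```

The split into two jobs is deliberate: `allow_failure: false` alone is not enough, because the analyzer reports findings without failing, so a separate job has to turn the report into a pipeline verdict. `CI_MERGE_REQUEST_DIFF_BASE_SHA` is only defined in merge-request pipelines, which is why both jobs carry the `merge_request_event` rule. For the bonus `.gitleaks.toml`, gitleaks reads an `[allowlist]` table whose `paths` and `regexes` arrays list files and patterns to skip; keep those entries narrow (a specific fixture path or test-key pattern) so the allowlist does not silence real findings.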