
I have successfully set up and run the SAST scanner on a Kubernetes gitlab-runner. I'm now configuring secret detection, which fails to produce a report. Any help is appreciated.

Details:

Secret Detection is not producing a report. The pipeline stage runs and exits with "Job succeeded" but does not produce a report. FYI, the pipeline does produce a SAST report (gl-sast-report.json).

Error:

    Uploading artifacts for successful job 00:01
    Uploading artifacts...
    WARNING: gl-secret-detection-report.json: no matching files. Ensure that the artifact path is relative to the working directory (/builds/irad/webrtcpoc)
    ERROR: No files to upload
    Cleaning up project directory and file based variables 00:01
    Job succeeded

To reproduce:

Add 2 files in the repository's root folder. One is named id_rsa with a (bogus) certificate and the second is a Python script with lines like these:

    test_key = "glrt-6WPHi5xxxG6nU2xr5dsR"
    password = "password123"
    badUrl = "https://gitlagb.example.com?secret-token=glrt-XXXXi5jobG6nU2xr5qhT"

Run pipeline

Configuration:

The pipeline includes the templates

    - template: Security/SAST.gitlab-ci.yml
    - template: Security/Secret-Detection.gitlab-ci.yml

and defines the job

    secret_detection:
      stage: security
      script:
        - echo "Running Secrete detection...."
      tags:
        - SAST

Versions

  • GitLab:

    gitlab-rake gitlab:env:info

    System information
    System:
    Current User: git
    Using RVM: no
    Ruby Version: 3.2.5
    Gem Version: 3.6.3
    Bundler Version:2.5.11
    Rake Version: 13.0.6
    Redis Version: 7.0.15
    Sidekiq Version:7.2.4
    Go Version: unknown

    GitLab information
    Version: 17.9.2
    Revision: 3ddc2ace157
    Directory: /opt/gitlab/embedded/service/gitlab-rails
    DB Adapter: PostgreSQL
    DB Version: 14.17
    URL: https://gitlab.XXXX.com
    HTTP Clone URL: https://gitlab.XXXX.com/some-group/some-project.git
    SSH Clone URL: [email protected]:some-group/some-project.git
    Using LDAP: yes
    Using Omniauth: yes
    Omniauth Providers:

    GitLab Shell
    Version: 14.40.0
    Repository storages:
    - default: unix:/var/opt/gitlab/gitaly/gitaly.socket
    GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell

    Gitaly
    - default Address: unix:/var/opt/gitlab/gitaly/gitaly.socket
    - default Version: 17.9.2
    - default Git Version: 2.47.2
  • GitLab Runner:

    gitlab-runner --version

    Version: 17.10.1
    Git revision: ef334dcc
    Git branch: 17-10-stable
    GO version: go1.23.6 X:cacheprog
    Built: 2025-03-26T12:24:33Z
    OS/Arch: linux/amd64

Both GitLab and gitlab-runner are installed on Rocky 9.5 virtual machines.
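
The configuration described in this question, shown next to a form that keeps the template's analyzer step. This is an added example, not part of the original post. It relies on GitLab's documented include merging, where a `script:` key in a job with the same name as an included job replaces the included job's script, and it assumes the project declares a `security` stage and lists the templates under a top-level `include:` key, neither of which is shown in the post.

```yaml
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

# As posted in the question (commented out here so the file has one definition):
#
# secret_detection:
#   stage: security
#   script:
#     - echo "Running Secrete detection...."   # replaces the template's script
#   tags:
#     - SAST
#
# With only the echo running, the analyzer is never invoked, so
# gl-secret-detection-report.json is never written. The job still exits 0,
# and the artifact upload step reports "no matching files".

# Override only the keys that differ from the template. The script and the
# artifacts:reports:secret_detection entry are inherited from the included job.
secret_detection:
  stage: security      # assumption: "security" is declared under stages:
  tags:
    - SAST             # runner tag taken from the question
```

The merged job can be checked before running it: the pipeline editor's full configuration view shows the final `script:` and `artifacts:` for `secret_detection` after includes are resolved.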
