ggshield secret scan --verbose --ignore-known-secrets pre-receive --web options does not ignore known secrets on Gitlab IDE

Question

ggshield secret scan --verbose --ignore-known-secrets pre-receive --web options does not ignore known secrets on Gitlab IDE

hotpicksquad opened this issue a year ago · comments

hotpicksquad commented a year ago

Environment

ggshield version: 1.15.1 amd 1.14.3
Operating system (Linux, macOS, Windows): Gitlab IDE
Operating system version:
Python version:

Describe the bug

A clear and concise description of what the bug is.

Steps to reproduce:

In a pre-receive hook on the Gitlab server add the following command: ggshield secret scan --verbose --ignore-known-secrets pre-receive --web
Find an existing incident
In Gitlab IDE create a file with plaintext secret found in step 1 and commit the file.
The output of the errors ggshield is flaggin secrets already found:

Actual result:
GL-HOOK-ERR: ggshield found 1 incidents in these changes: Slack Webhook URL (Validity: Valid, apikey: "hooks.slack.***********************************************aMygjKFDf1P7")

Expected result:
Not sure what is the best way but we need to know that already existing secrets have been found.

If applicable, add logs or screenshots to help explain your problem.

Aurelien Gateau · Answer 1 · Tue May 30 2023 23:24:05 GMT+0800 (China Standard Time)

Hi, thanks for your report.

This bug has been fixed by #547, which is part of ggshield 1.16.0, released today.