- name: "Secret Detection configuration variables deprecated" announcement_milestone: "14.8" announcement_date: "2022-02-22" removal_milestone: "15.0" removal_date: "2022-05-22" breaking_change: false reporter: connorgilbert body: | # Do not modify this line, instead modify the lines below. To make it simpler and more reliable to [customize GitLab Secret Detection](https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings), we're deprecating some of the variables that you could previously set in your CI/CD configuration. The following variables currently allow you to customize the options for historical scanning, but interact poorly with the [GitLab-managed CI/CD template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml) and are now deprecated: - `SECRET_DETECTION_COMMIT_FROM` - `SECRET_DETECTION_COMMIT_TO` - `SECRET_DETECTION_COMMITS` - `SECRET_DETECTION_COMMITS_FILE` The `SECRET_DETECTION_ENTROPY_LEVEL` previously allowed you to configure rules that only considered the entropy level of strings in your codebase, and is now deprecated. This type of entropy-only rule created an unacceptable number of incorrect results (false positives) and is no longer supported. In GitLab 15.0, we'll update the Secret Detection [analyzer](https://docs.gitlab.com/ee/user/application_security/terminology/#analyzer) to ignore these deprecated options. You'll still be able to configure historical scanning of your commit history by setting the [`SECRET_DETECTION_HISTORIC_SCAN` CI/CD variable](https://docs.gitlab.com/ee/user/application_security/secret_detection/#available-cicd-variables). For further details, see [the deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/352565). # The following items are not published on the docs page, but may be used in the future. stage: Secure tiers: [Free, Silver, Gold, Core, Premium, Ultimate] issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352565