Gitlab project defined in Terraform does not prevent secrets
Description
In GitLab, administrators can turn on the capability to identify and block secrets in merge requests (MR).
Code Example
go
resource "gitlab_project" "example-two" {
...
push_rules {
...
+ prevent_secrets = true
}
}Remediation
Terraform
- Resource: gitlab_project
- Attribute: prevent_secrets
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1071 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_GLB_3 |