gitlab-secret_detection 0.41.0 → 0.42.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2d6fbe477550dec732a5b0244a6603bd90bc0efbc2db2531eec989e584bec154
-  data.tar.gz: 8e910cfe09aaf1bf38c6f9e7540aefb9050424c0a08e151d290db8387e08c56e
+  metadata.gz: 6a583c94c37e2031d9c0ac6016db3ce14443ef1d3ef66b5dc920bca8a6c2cb04
+  data.tar.gz: 9d3f3fd64f1627beb0608d41b89e5c49f0a58f00d4fde340103be0995095dcd4
 SHA512:
-  metadata.gz: 572d2fe3e393b12ba48cf50b6d592fd9c1b4a529c64bf49055c72aaed72fbc60a0a514b50e4235974d5f640eab180a728a44a7e171dc022ae877043c27eafad9
-  data.tar.gz: 2d6eab9996307fea7df87a0f9739162f6b1c9e1bb761488dabf676e14f1666f9609befb84cd26a0827e97d1d528b734ddc3c6e04571e63b5c6d03a432a20127c
+  metadata.gz: 32fe69f21cdce71c2bfe1cbfbd310568cf58a97d62c507afe30f130e745806851b9fd1c5fa4e58ed4608eba0a1ffcd5c95f2452e25c73ce76e4ba216f551743b
+  data.tar.gz: 9b44d66f319e52393c1db3d923d2e20c40c81fa7a337c68f3ea492c2d571e1a7576332026e4f53dba59cf9b0efc000c91a4ba09e13d757b928ef7e96ff2feb77

data/lib/gitlab/secret_detection/core/secret_push_protection_rules.toml

@@ -1,4 +1,4 @@
-# rule-set version: 0.24.0
+# rule-set version: 0.24.3
 # Rules are auto-generated. See https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules for instructions on updating the rules.
 [[rules]]
 id = 'AdafruitIOKey'
@@ -189,6 +189,14 @@ remediation = "For general guidance on handling security incidents with regards
 tags = ['gitlab_blocking']
 keywords = ['ApiKey-v1']
 
+[[rules]]
+id = 'CircleCI access tokens'
+regex = '\bCCI(?:PAT|PRJ)_[a-zA-Z0-9]{22}_[a-f0-9]{40}\b'
+description = "A CircleCI project token was identified. CircleCI project tokens can be given one of three scopes:\n\n- Status\n- Read Only\n- Admin\n\nDepending on the access level of this detected token, a malicious actor with access to this token may be able to gain\nfull access to the project and CI/CD pipelines."
+title = 'CircleCI access token'
+remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo rotate a project token:\n\n- In the sidebar of the CircleCI application select Projects, then the ellipsis (...) next to your project, and select\n  \"Project Settings\".\n- Select API Permissions.\n- Select the \"X\" in the Remove column for the token you wish to replace. When the confirmation window appears, enter\n  the text DELETE in the form and then select \"Delete API Token\".\n- Select \"Create API Token\".\n- Choose the same scope used for the old token from the dropdown list.\n- In the Label field, type a label for the token. It can be the same name given to the old token.\n- Select \"Add API Token\".\n\nFor more information please see their [documentation on rotating project tokens](https://circleci.com/docs/managing-api-tokens/#rotating-a-project-api-token)."
+keywords = ['CCIPAT', 'CCIPRJ']
+
 [[rules]]
 id = 'ContentfulPersonalAccessToken'
 regex = '\bCFPAT-([a-zA-Z0-9_\-]){43}\b'

data/lib/gitlab/secret_detection/version.rb

@@ -5,7 +5,7 @@ module Gitlab
     class Gem
       # Ensure to maintain the same version in CHANGELOG file.
       # More details available under 'Release Process' section in the README.md file.
-      VERSION = "0.41.0"
+      VERSION = "0.42.0"
 
       # SD_ENV env var is used to determine which environment the
       # server is running. This var is defined in `.runway/env-<env>.yml` files.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-secret_detection
 version: !ruby/object:Gem::Version
-  version: 0.41.0
+  version: 0.42.0
 platform: ruby
 authors:
 - group::secret detection
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-04-28 00:00:00.000000000 Z
+date: 2026-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc