If the trufflehog verification of the gitlab scan command is active and a glpat is found its always verified againts gitlab.com. This suppresses glpat findings in case of self hosted gitlab instances.
If possible it should be verified against the gitlab instance configured in pipeleek. If this is not possible we should always report glpats e.g. by adding a builtin rule for all types of the gitlab tokens.
If the trufflehog verification of the gitlab scan command is active and a glpat is found its always verified againts gitlab.com. This suppresses glpat findings in case of self hosted gitlab instances.
If possible it should be verified against the gitlab instance configured in pipeleek. If this is not possible we should always report glpats e.g. by adding a builtin rule for all types of the gitlab tokens.