### Secret Detection basic features

If you’re using GitLab CI/CD, you can use Secret Detection to scan the repository for secrets which are accidentally commit by developers.  

Different features are available in different GitLab tiers, as shown in the following table:  

Capability | In Free | In Ultimate
-- | -- | --
Configure Secret Detection scanner | ✓ | ✓
Customize Secret Detection settings | ✓ | ✓
Download JSON Report | ✓ | ✓
Presentation of JSON Report in Merge Request | X | ✓
View identified secrets in the pipelines’ Security tab | X | ✓
Manage vulnerabilities | X | ✓
Access the Security Dashboard| X | ✓
Customize Secret Detection rulesets | X | ✓

https://docs.gitlab.com/ee/user/application_security/secret_detection/#summary-of-features-per-tier

#### Download JSON Report

Secret Detection outputs a report file in JSON format. The report file contains details of all found vulnerabilities. To download the report file, you can download the file from the CI/CD pipelines page.

![Download JSON format](./json-format-secret-free.png)  

Example project using Secret Detection: [Demo Secret Detection](https://jihulab.com/ultimate-plan/demo/secret-detection-demo/-/tree/1-test-secret-detection)