GitLab: include nested subgroup projects when enumerating group repositories

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 All notable changes to this project will be documented in this file.
 
+## [1.37.0]
+- GitLab: include nested subgroup projects when enumerating group repositories
+
 ## [1.36.0]
 - Fixed GitHub organization and GitLab group scans when using `--git-history=none`
 - JWT tokens without both `iss` and `aud` are no longer reported as active credentials

Cargo.toml

@@ -10,7 +10,7 @@ publish = false
 
 [package]
 name = "kingfisher"
-version = "1.36.0"
+version = "1.37.0"
 description = "MongoDB's blazingly fast secret scanning and validation tool"
 edition.workspace = true
 rust-version.workspace = true

src/cli/commands/inputs.rs

@@ -85,7 +85,7 @@ pub struct InputSpecifierArgs {
     )]
     pub gitlab_api_url: Url,
 
-    #[arg(long, default_value_t = GitLabRepoType::All)]
+    #[arg(long, default_value_t = GitLabRepoType::Owner)]
     pub gitlab_repo_type: GitLabRepoType,
 
     /// Jira base URL (e.g. https://jira.example.com)

src/gitlab.rs

@@ -100,7 +100,7 @@ pub async fn enumerate_repo_urls(
                 builder.membership(true);
             }
             RepoType::All => {
-                // nothing
+                //  this doesn’t set any owned() or membership() flags on the builder, which in GitLab’s API defaults to "all visible repos"
             }
         }
         
@@ -137,6 +137,8 @@ pub async fn enumerate_repo_urls(
     for group in groups {
         let mut gp_builder = GroupProjects::builder();
         gp_builder.group(group.id);
+        // Ensure projects from nested subgroups are also enumerated
+        gp_builder.include_subgroups(true);
 
         if matches!(repo_specifiers.repo_filter, RepoType::Owner) {
             gp_builder.owned(true);