Security

Security

Long list of security features

Many are only in Ultimate:

• Dependency scanning based on gemnasium
• Dynamic Application Security Testing (DAST) based on the OWASP Zed Attack Proxy
• Security dashboards

Available in all tiers:

• Container scanning based on trivy and grype
• Secret detection based on gitleaks
• Static Application Security Testing (SAST) based on language specific tools

Hands-On: Secret detection

GitLab automatically adds a job in the stage called test

1. Add include:

    include:
    - template: Security/Secret-Detection.gitlab-ci.yml
   

2. Check pipeline
3. Check report

Hands-On: SAST

GitLab automatically adds jobs in the stage called test

1. Enable SAST:

    include:
    - template: Security/SAST.gitlab-ci.yml
   

2. Check pipeline
3. Check reports

See final .gitlab-ci.yml:

git checkout origin/160_gitlab_ci/280_security -- '*'