GitLab Security Essentials
In today's software landscape, ensuring application security is critical. This course focuses on using GitLab to integrate security practices into the development lifecycle. By understanding the importance of these practices, exploring GitLab's security and governance features, and learning to effectively implement them, you will be equipped to create and manage secure, high-quality applications that protect end-users and your organization.
Estimated Effort: 4 hours
Course Format: 10 self-paced lessons
Access Duration: Up to 6 months from day of registration
Prerequisites
The target candidate should have the following knowledge:
- GitLab with Git Essentials course or equivalent knowledge
- Continuous Integration and Delivery (CI/CD) with GitLab course or equivalent knowledge
- This course is not appropriate for students without any Git, GitLab, or GitLab CI/CD knowledge
Primary Audience
- Project managers, developers, DevSecOps engineers, and security specialists who are using GitLab with the Ultimate license
Learning Objectives
Upon completion of this self-paced course, learners will be able to:
- Describe why security needs to be incorporated into the software development lifecycle and the role GitLab plays in facilitating this process.
- Explain how GitLab's security and governance features are organized, and where they fit in the SDLC.
- Configure and use Static Application Security Testing (SAST) to identify vulnerabilities in source code.
- Implement Secret Detection to identify and prevent accidental exposure of sensitive data (credentials, tokens, keys) in the codebase.
- Set up and execute Dynamic Application Security Testing (DAST) to discover and remediate potential vulnerabilities in running applications.
- Use Dependency Scanning to identify and manage vulnerabilities in project dependencies and third-party libraries.
- Configure and perform Container Scanning to detect security vulnerabilities in Docker images and container environments.
- Implement License Compliance to ensure software licenses are properly managed and tracked throughout the development process.
- Execute fuzz testing and interpret its results to identify problems in application code that traditional testing methods may miss.
- Use Infrastructure as Code (IaC) scanning to ensure secure and compliant infrastructure configurations throughout the development process.
- Effectively manage and prioritize vulnerabilities using GitLab's Vulnerability Management features, including risk assessment, mitigation, and remediation strategies.
- Implement policies for scan execution and result handling, ensuring adherence to organizational requirements and best practices.
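To make the objectives above concrete, here is a minimal `.gitlab-ci.yml` that enables the scanners the course covers by including GitLab's official CI templates. This is an added example for this page, not material from the course or from GitLab's documentation. The template paths and the `CS_IMAGE`, `DAST_WEBSITE` and `SECRET_DETECTION_HISTORIC_SCAN` variables are real GitLab settings; the staging URL, the registry image tag and the `build-image` job are assumed placeholders for a project that builds its own container image.

```yaml
# Added example (not course material): a minimal pipeline that turns on
# SAST, Secret Detection, Dependency Scanning, Container Scanning,
# IaC scanning and DAST via GitLab's official templates.
# Values marked "assumed" are placeholders to adapt to your project.
stages:
  - build
  - test   # the scanner templates attach their jobs to this stage
  - dast   # the DAST template uses its own stage

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/SAST-IaC.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

variables:
  # Scan the whole git history, not only the current commit. Catches
  # secrets committed long ago but still present in history; slower,
  # so many teams enable it only on a scheduled pipeline.
  SECRET_DETECTION_HISTORIC_SCAN: "true"
  # Image for Container Scanning; assumed to be built and pushed by
  # the build-image job below.
  CS_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
  # Running application DAST will crawl and attack; assumed staging URL,
  # never point this at production.
  DAST_WEBSITE: "https://staging.example.com"

# Assumed build job: produces the image that Container Scanning inspects.
build-image:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
```

Two practical notes: the scanner templates declare an `image:` on their jobs, so the runner that executes them must use the Docker (or Kubernetes) executor rather than the Shell executor; and on the Ultimate tier the findings surface in the merge request security widget and the project's Vulnerability Report, which is where the vulnerability management and policy objectives above pick up.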
Interactivity
This self-study course employs many different learning interactions including recorded demonstrations, hands-on exercises, and other activities to ensure you retain the knowledge and skills of this course.
Technical Requirements
- GitLab Access: Access to GitLab, for example through the GitLab Demo Cloud environment, is required for each attendee to participate in the hands-on activities.
- Browser: any current browser; Internet Explorer is not supported.
- Runner Executor Needed: A runner using the Shell executor is needed to complete the hands-on activities in this course. If a different executor is already set up on your local machine, notify the instructor so the lab exercises can be demonstrated instead.