GitLab Security Essentials
This course covers all of the essential security capabilities of GitLab, including Static Application Security Testing, secret detection, Dynamic Application Security Testing, dependency scanning, container scanning, license compliance, and fuzz testing.
This self-study course employs many different learning interactions including recorded demonstrations, hands-on exercises, and other activities to ensure you retain the knowledge and skills of this course.
- Estimated Effort
- Course Format
- Access Duration
- 4 1/2 hours
- 9 self-paced lessons
- Up to 60 days to complete from day of registration
Prerequisites
The target candidate should have the following knowledge:
- GitLab with Git Essentials course or equivalent knowledge
- Continuous Integration and Delivery (CI/CD) with GitLab course or equivalent knowledge
- This course is not appropriate for students without any Git, GitLab, or GitLab CI/CD knowledge
Primary Audience
- Project managers, developers, DevSecOps engineers, and security specialists who are using GitLab with the Ultimate license
Learning Objectives
Upon completion of this self-paced course, learners will be able to:
- Explain how security scanning fits into GitLab flow
- Describe the types of scanners GitLab provides
- Utilize GitLab’s vulnerability management feature
- Utilize and configure all 3 scanners in a pipeline and view their reports
- Explain what Dependency Scanning is
- Utilize and configure Dependency Scanning in a GitLab pipeline
- View the different Dependency Scanning reports
- Explain what Container Scanning is
- Utilize Container Scanning in a GitLab pipeline
- Explain what License Compliance is
- Utilize License Compliance in a GitLab pipeline
- Explain what fuzz testing is
- Utilize fuzz testing in a pipeline
- Explain what infrastructure as code (IaC) scanning is
- Utilize and configure IaC scanning in a GitLab pipeline
Technical Requirements
- GitLab Access: Access to GitLab such as through the GitLab Demo Cloud environment is required for each attendee to participate in the hands-on activities.
- Browser: No Internet Explorer
- Runner Executor Needed: Shell needed to complete Hands On activities for this course. If a different executor is ready on your local machine, notify the instructor and we can plan on demoing the lab exercises.