GitLab Security Essentials Training

What's Included

Course Syllabus

Topic / Overview
Introducing the Secure Stage
  • Features available in the Secure Stage
  • How Security Scanning Works with GitLab Flow
  • Types of Security Scans Available
  • Types of Security Reports Available
SAST, Secret Detection, and DAST
  • What is Static Application Security Testing (SAST)?
  • Steps for Using SAST
  • Enabling and Configuring SAST
  • Reviewing SAST Reports
  • Taking Action on SAST Findings
  • What is Secret Detection?
  • Steps for Using Secret Detection
  • Enabling and Configuring Secret Detection
  • What is Dynamic Application Security Testing (DAST)?
  • Steps for Using DAST
  • Enabling and Configuring DAST
  • Lab: Using SAST, Secret Detection, and DAST
Dependency Scanning
  • What is Dependency Scanning?
  • Steps for Using Dependency Scanning
  • Enable and Configure Dependency Scanning
  • Lab: Using Dependency Scanning
Container Scanning
  • What is Container Scanning?
  • Steps for Using Container Scanning
  • Enable and Configure Container Scanning
  • Lab: Using Container Scanning
License Compliance
  • What is License Compliance?
  • Steps for Using License Compliance
  • Enable and Configure License Compliance
  • Review Scanning Output and Reports
  • Lab: Enable, Configure, and Run License Compliance
Fuzz Testing
  • What is Fuzz Testing?
  • Steps for Using Fuzz Testing
  • Fuzz Testing workflow
  • Using a Fuzz Testing Corpus
  • Lab: Enable, Configure, and Run Fuzz Testing
IaC Scanning
  • What is IaC Scanning?
  • Steps for Using IaC Scanning
  • Enable and Configure Container Scanning
Compliance
  • Align with common compliance standards
  • Identify and enforce compliance requirements
  • Track security-related actions
  • Gather audit events for processing
  • Control what can be pushed to a repository