[{"data":1,"prerenderedAt":1451},["ShallowReactive",2],{"/de-de/blog/complete-guide-to-gitlab-container-scanning":3,"navigation-de-de":673,"banner-de-de":1100,"footer-de-de":1108,"blog-post-authors-de-de-Fernando Diaz":1349,"blog-related-posts-de-de-complete-guide-to-gitlab-container-scanning":1364,"blog-promotions-de-de":1388,"next-steps-de-de":1441},{"id":4,"title":5,"authors":6,"body":8,"category":653,"date":654,"description":655,"extension":656,"externalUrl":657,"featured":658,"heroImage":659,"meta":660,"navigation":658,"path":661,"seo":662,"slug":667,"stem":668,"tags":669,"template":671,"updatedDate":657,"__hash__":672},"blogPosts/de-de/blog/complete-guide-to-gitlab-container-scanning.md","Container Scanning in GitLab: fünf Methoden für sichere Container",[7],"Fernando Diaz",{"type":9,"value":10,"toc":637},"minimark",[11,16,20,23,28,31,34,38,41,46,77,80,85,109,120,124,133,140,143,149,156,159,163,172,178,185,191,197,204,213,216,220,228,235,242,246,273,279,283,293,299,306,310,333,336,340,357,361,383,386,390,393,396,400,422,425,429,444,451,469,473,476,480,488,494,502,508,512,519,525,529,607,610,614,623,626],[12,13,15],"h1",{"id":14},"container-scanning-in-gitlab-der-vollständige-leitfaden","Container Scanning in GitLab: der vollständige Leitfaden",[17,18,19],"p",{},"Schwachstellen in Containern warten nicht auf das nächste Deployment. Sie können jederzeit auftreten – beim Erstellen eines Images ebenso wie während des Betriebs in der Produktion. GitLab begegnet dieser Realität mit mehreren Ansätzen zum Container Scanning, die jeweils auf eine bestimmte Phase im Lebenszyklus eines Containers zugeschnitten sind.",[17,21,22],{},"Dieser Leitfaden stellt die verschiedenen Arten des Container Scannings in GitLab vor, zeigt, wie sich jede aktivieren lässt, und erläutert die wichtigsten Konfigurationsmöglichkeiten für den Einstieg.",[24,25,27],"h2",{"id":26},"warum-container-scanning-zählt","Warum Container Scanning zählt",[17,29,30],{},"Sicherheitslücken in Container-Images bergen Risiken über den gesamten Anwendungslebenszyklus hinweg. Basis-Images, Betriebssystempakete und Anwendungsabhängigkeiten können allesamt Schwachstellen enthalten, die aktiv ausgenutzt werden. Container Scanning erkennt diese Risiken frühzeitig – bevor sie die Produktion erreichen – und zeigt, sofern verfügbar, Wege zur Behebung auf.",[17,32,33],{},"Container Scanning ist ein zentraler Bestandteil der Software Composition Analysis (SCA) und hilft dabei, die externen Abhängigkeiten containerisierter Anwendungen zu verstehen und abzusichern.",[24,35,37],{"id":36},"die-fünf-arten-des-container-scannings-in-gitlab","Die fünf Arten des Container Scannings in GitLab",[17,39,40],{},"GitLab bietet fünf unterschiedliche Ansätze für das Container Scanning, die jeweils einem bestimmten Zweck innerhalb einer Sicherheitsstrategie dienen.",[42,43,45],"h3",{"id":44},"_1-pipeline-basiertes-container-scanning","1. Pipeline-basiertes Container Scanning",[47,48,49,57,63,69],"ul",{},[50,51,52,56],"li",{},[53,54,55],"strong",{},"Funktion:"," Scannt Container-Images während der Ausführung der CI/CD-Pipeline und erkennt Schwachstellen vor dem Deployment",[50,58,59,62],{},[53,60,61],{},"Geeignet für:"," Shift-Left-Sicherheit; verhindert, dass anfällige Images die Produktion erreichen",[50,64,65,68],{},[53,66,67],{},"Verfügbarkeit:"," Free, Premium und Ultimate (mit erweitertem Funktionsumfang in Ultimate)",[50,70,71],{},[72,73,76],"a",{"href":74,"rel":75},"https://docs.gitlab.com/user/application_security/container_scanning/",[],"Dokumentation",[17,78,79],{},"GitLab nutzt den Sicherheitsscanner Trivy, um Container-Images auf bekannte Schwachstellen zu untersuchen. Beim Durchlauf der Pipeline analysiert der Scanner die Images und erstellt einen detaillierten Bericht.",[81,82,84],"h4",{"id":83},"pipeline-basiertes-container-scanning-aktivieren","Pipeline-basiertes Container Scanning aktivieren",[17,86,87,88,91,92,95,96,100,101,104,105,108],{},"Für die Aktivierung gibt es zwei Wege. Über ",[53,89,90],{},"Secure > Security configuration"," im Projekt lässt sich in der Zeile „Container Scanning“ per ",[53,93,94],{},"Configure with a merge request"," automatisch ein Merge Request mit der nötigen Konfiguration erzeugen. Alternativ kann das Template ",[97,98,99],"code",{},"Jobs/Container-Scanning.gitlab-ci.yml"," direkt in die ",[97,102,103],{},".gitlab-ci.yml"," eingebunden werden. Die vollständige Syntax und alle Variablen finden sich in der ",[72,106,76],{"href":74,"rel":107},[],".",[17,110,111,112,115,116,119],{},"Für gängige Anpassungen stehen CI/CD-Variablen bereit: Über ",[97,113,114],{},"CS_IMAGE"," lässt sich ein bestimmtes zu scannendes Image festlegen, über ",[97,117,118],{},"CS_SEVERITY_THRESHOLD"," ein Schwellenwert für den Schweregrad – wird dieser etwa auf „HIGH“ gesetzt, erscheinen nur Schwachstellen ab dem Schweregrad „High“.",[81,121,123],{"id":122},"schwachstellen-im-merge-request-anzeigen","Schwachstellen im Merge Request anzeigen",[17,125,126,127,132],{},"Werden gefundene Schwachstellen direkt im Merge Request angezeigt, wird die Sicherheitsprüfung Teil des Reviews. Sobald Container Scanning in der Pipeline konfiguriert ist, zeigt GitLab erkannte Schwachstellen automatisch im ",[72,128,131],{"href":129,"rel":130},"https://docs.gitlab.com/user/project/merge_requests/widgets/#application-security-scanning",[],"Security-Widget"," des Merge Requests an.",[17,134,135],{},[136,137],"img",{"alt":138,"src":139,"title":138},"Im Merge Request angezeigte Container-Scanning-Schwachstellen","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547514/lt6elcq6jexdhqatdy8l.png",[17,141,142],{},"Im Abschnitt „Security Scanning“ eines Merge Requests erscheint eine Übersicht neu eingeführter und bereits bestehender Schwachstellen in den Container-Images. Ein Klick auf eine einzelne Schwachstelle öffnet die Detailansicht mit Schweregrad, betroffenen Paketen und – sofern vorhanden – Hinweisen zur Behebung.",[17,144,145],{},[136,146],{"alt":147,"src":148,"title":147},"Detailansicht einer Schwachstelle im Merge Request","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547514/hplihdlekc11uvpfih1p.png",[17,150,151],{},[136,152],{"alt":153,"src":154,"title":155},"Weitere Detailansicht einer Container-Scanning-Schwachstelle im Merge Request","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547513/jnxbe7uld8wfeezboifs.png","Detailansicht einer Container-Scanning-Schwachstelle im Merge Request",[17,157,158],{},"So lassen sich Schwachstellen in Containern erkennen und beheben, bevor sie die Produktion erreichen – als integraler Teil des Code-Reviews statt als vorgelagerte, separate Prüfung.",[81,160,162],{"id":161},"schwachstellen-im-vulnerability-report-einsehen","Schwachstellen im Vulnerability Report einsehen",[17,164,165,166,171],{},"Über den Merge Request hinaus bietet GitLab einen zentralen ",[72,167,170],{"href":168,"rel":169},"https://docs.gitlab.com/user/application_security/vulnerability_report/",[],"Vulnerability Report",", der Sicherheitsteams einen projektweiten Überblick über alle Container-Scanning-Ergebnisse gibt.",[17,173,174],{},[136,175],{"alt":176,"src":177,"title":176},"Nach Container Scanning gefilterter Vulnerability Report","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547524/gagau279fzfgjpnvipm5.png",[17,179,180,181,184],{},"Erreichbar ist der Bericht über ",[53,182,183],{},"Security & Compliance > Vulnerability Report"," in der Projekt-Seitenleiste. Er bündelt alle in den Branches erkannten Container-Schwachstellen und lässt sich nach Schweregrad, Status, Scanner-Typ oder einzelnen Container-Images filtern. Ein Klick auf eine Schwachstelle führt zur zugehörigen Detailseite.",[17,186,187],{},[136,188],{"alt":189,"src":190,"title":189},"Vulnerability-Detailseite, erste Ansicht","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547520/e1woxupyoajhrpzrlylj.png",[17,192,193],{},[136,194],{"alt":195,"src":196,"title":195},"Vulnerability-Detailseite, zweite Ansicht","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547521/idzcftcgjc8eryixnbjn.png",[17,198,199],{},[136,200],{"alt":201,"src":202,"title":203},"Vulnerability-Detailseite, dritte Ansicht","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547522/mbbwbbprtf9anqqola10.png","Detailansicht einer Container-Scanning-Schwachstelle",[17,205,206,207,212],{},"Die ",[72,208,211],{"href":209,"rel":210},"https://docs.gitlab.com/user/application_security/vulnerabilities/",[],"Vulnerability Details"," zeigen genau, welche Container-Images und Layer betroffen sind, und erleichtern so das Zurückverfolgen zur Ursache. Schwachstellen lassen sich Teammitgliedern zuweisen, im Status ändern (erkannt, bestätigt, behoben, verworfen), mit Kommentaren zur Zusammenarbeit versehen und mit zugehörigen Issues zur Nachverfolgung der Behebung verknüpfen.",[17,214,215],{},"Auf diese Weise wird das Schwachstellenmanagement zum festen Bestandteil des Entwicklungsprozesses: Container-Sicherheitsbefunde werden nachvollziehbar erfasst, priorisiert und systematisch behoben.",[81,217,219],{"id":218},"die-dependency-list-öffnen","Die Dependency List öffnen",[17,221,206,222,227],{},[72,223,226],{"href":224,"rel":225},"https://docs.gitlab.com/user/application_security/dependency_list/",[],"Dependency List"," von GitLab liefert eine umfassende Software Bill of Materials (SBOM), die jede Komponente in den Container-Images erfasst und damit vollständige Transparenz über die Software-Lieferkette schafft.",[17,229,230],{},[136,231],{"alt":232,"src":233,"title":234},"GitLab Dependency List","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547513/vjg6dk3nhajqamplroji.png","GitLab Dependency List (SBOM)",[17,236,237,238,241],{},"Über ",[53,239,240],{},"Security & Compliance > Dependency List"," öffnet sich ein Inventar aller Pakete, Bibliotheken und Abhängigkeiten, die das Container Scanning im Projekt erkannt hat. Diese Ansicht macht sichtbar, was in den Containern tatsächlich läuft – von Betriebssystempaketen bis hin zu Abhängigkeiten auf Anwendungsebene. Filtern lässt sich nach Paketmanager, Lizenztyp oder Schwachstellenstatus, sodass sich sicherheits- oder compliancerelevante Komponenten schnell eingrenzen lassen. Jeder Eintrag zeigt die zugehörigen Schwachstellen im Kontext der realen Software-Komponenten statt als isolierten Befund.",[42,243,245],{"id":244},"_2-container-scanning-for-registry","2. Container Scanning for Registry",[47,247,248,257,262,267],{},[50,249,250,252,253,256],{},[53,251,55],{}," Scannt automatisch Images, die mit dem Tag ",[97,254,255],{},"latest"," in die GitLab Container Registry gepusht werden",[50,258,259,261],{},[53,260,61],{}," Kontinuierliche Überwachung von Registry-Images ohne manuelles Auslösen einer Pipeline",[50,263,264,266],{},[53,265,67],{}," nur Ultimate",[50,268,269],{},[72,270,76],{"href":271,"rel":272},"https://docs.gitlab.com/user/application_security/container_scanning/#container-scanning-for-registry",[],[17,274,275,276,278],{},"Wird ein Container-Image mit dem Tag ",[97,277,255],{}," gepusht, löst der Security-Policy-Bot von GitLab automatisch einen Scan gegen den Default-Branch aus. Anders als das pipeline-basierte Scanning arbeitet dieser Ansatz mit dem Continuous Vulnerability Scanning zusammen, um auf neu veröffentlichte Sicherheitshinweise zu reagieren.",[81,280,282],{"id":281},"container-scanning-for-registry-aktivieren","Container Scanning for Registry aktivieren",[17,284,285,286,288,289,292],{},"Die Aktivierung erfolgt über ",[53,287,90],{},": Dort im Abschnitt ",[53,290,291],{},"Container Scanning For Registry"," die Funktion einschalten.",[17,294,295],{},[136,296],{"alt":297,"src":298,"title":297},"Schalter für Container Scanning for Registry","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547512/vntrlhtmsh1ecnwni5ji.png",[17,300,301,302,305],{},"Vorausgesetzt werden dabei die Maintainer-Rolle oder höher, ein nicht leeres Projekt (mindestens ein Commit im Default-Branch), konfigurierte Benachrichtigungen der Container Registry sowie eine eingerichtete Package Metadata Database (auf GitLab.com standardmäßig aktiv). Gefundene Schwachstellen erscheinen im Tab ",[53,303,304],{},"Container Registry vulnerabilities"," des Vulnerability Reports.",[42,307,309],{"id":308},"_3-multi-container-scanning","3. Multi-Container Scanning",[47,311,312,317,322,327],{},[50,313,314,316],{},[53,315,55],{}," Scannt mehrere Container-Images parallel innerhalb einer einzigen Pipeline",[50,318,319,321],{},[53,320,61],{}," Microservices-Architekturen und Projekte mit mehreren Container-Images",[50,323,324,326],{},[53,325,67],{}," Free, Premium und Ultimate (aktuell als Beta)",[50,328,329],{},[72,330,76],{"href":331,"rel":332},"https://docs.gitlab.com/user/application_security/container_scanning/multi_container_scanning/",[],[17,334,335],{},"Das Multi-Container Scanning führt Scans über dynamische Child-Pipelines nebenläufig aus, wenn mehrere Images zu prüfen sind.",[81,337,339],{"id":338},"multi-container-scanning-aktivieren","Multi-Container Scanning aktivieren",[17,341,342,343,346,347,350,351,353,354,108],{},"Grundlage ist eine Datei ",[97,344,345],{},".gitlab-multi-image.yml"," im Wurzelverzeichnis des Repositorys, in der die zu scannenden Images als Ziele definiert werden; anschließend wird das Template ",[97,348,349],{},"Jobs/Multi-Container-Scanning.latest.gitlab-ci.yml"," in die ",[97,352,103],{}," eingebunden. Auch das Scannen von Images aus privaten Registries sowie das Einbeziehen von Lizenzinformationen lässt sich dort konfigurieren. Die vollständige Konfiguration beschreibt die ",[72,355,76],{"href":331,"rel":356},[],[42,358,360],{"id":359},"_4-continuous-vulnerability-scanning","4. Continuous Vulnerability Scanning",[47,362,363,368,373,377],{},[50,364,365,367],{},[53,366,55],{}," Erzeugt automatisch Schwachstelleneinträge, sobald neue Sicherheitshinweise veröffentlicht werden – ohne dass eine Pipeline nötig ist",[50,369,370,372],{},[53,371,61],{}," Proaktive Überwachung zwischen Deployments",[50,374,375,266],{},[53,376,67],{},[50,378,379],{},[72,380,76],{"href":381,"rel":382},"https://docs.gitlab.com/user/application_security/continuous_vulnerability_scanning/",[],[17,384,385],{},"Herkömmliches Scanning erfasst Schwachstellen nur zum Zeitpunkt des Scans. Doch was geschieht, wenn morgen ein neuer CVE für ein Paket veröffentlicht wird, das gestern gescannt wurde? Genau hier setzt das Continuous Vulnerability Scanning an: Es überwacht die GitLab Advisory Database und legt automatisch Schwachstelleneinträge an, sobald neue Hinweise die eingesetzten Komponenten betreffen.",[81,387,389],{"id":388},"funktionsweise","Funktionsweise",[17,391,392],{},"Der Ablauf besteht aus vier Schritten: Ein Container- oder Dependency-Scanning-Job erzeugt eine CycloneDX-SBOM. GitLab registriert daraus die Komponenten des Projekts. Werden neue Sicherheitshinweise veröffentlicht, prüft GitLab, ob die eigenen Komponenten betroffen sind. Zutreffende Schwachstellen erscheinen anschließend automatisch im Vulnerability Report.",[17,394,395],{},"Einige Punkte sind dabei zu beachten: Die Scans laufen über Hintergrundjobs (Sidekiq), nicht über CI-Pipelines. Für die Erkennung neuer Komponenten werden nur Hinweise aus den letzten 14 Tagen berücksichtigt. Als Scanner-Name erscheint „GitLab SBoM Vulnerability Scanner“. Um Schwachstellen als behoben zu markieren, ist weiterhin ein pipeline-basierter Scan nötig.",[42,397,399],{"id":398},"_5-operational-container-scanning","5. Operational Container Scanning",[47,401,402,407,412,416],{},[50,403,404,406],{},[53,405,55],{}," Scannt laufende Container im Kubernetes-Cluster in einem festgelegten Zeitintervall",[50,408,409,411],{},[53,410,61],{}," Sicherheitsüberwachung nach dem Deployment und Erkennung von Laufzeit-Schwachstellen",[50,413,414,266],{},[53,415,67],{},[50,417,418],{},[72,419,76],{"href":420,"rel":421},"https://docs.gitlab.com/user/clusters/agent/vulnerabilities/",[],[17,423,424],{},"Das Operational Container Scanning schlägt die Brücke zwischen Sicherheit zur Build-Zeit und Sicherheit zur Laufzeit. Über den GitLab-Agent für Kubernetes scannt es Container, die tatsächlich in den Clustern laufen, und erkennt so Schwachstellen, die erst nach dem Deployment auftreten.",[81,426,428],{"id":427},"operational-container-scanning-aktivieren","Operational Container Scanning aktivieren",[17,430,431,432,437,438,443],{},"Beim Einsatz des ",[72,433,436],{"href":434,"rel":435},"https://docs.gitlab.com/user/clusters/agent/install/",[],"GitLab-Agents für Kubernetes"," wird das Scanning über die Konfigurationsdatei des Agents eingerichtet, wobei sich ein Intervall (etwa täglich) sowie die einzubeziehenden Namespaces festlegen lassen. Ebenso lässt sich über eine ",[72,439,442],{"href":440,"rel":441},"https://docs.gitlab.com/user/clusters/agent/vulnerabilities/#enable-via-scan-execution-policies",[],"Scan Execution Policy"," ein durch den GitLab-Agent erzwungener, terminierter Scan definieren.",[17,445,446],{},[136,447],{"alt":448,"src":449,"title":450},"Scan Execution Policy für Operational Container Scanning","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547515/gsgvjcq4sas4dfc8ciqk.png","Bedingungen einer Scan Execution Policy für Operational Container Scanning",[17,452,453,454,457,458,461,462,465,466,305],{},"Die Ergebnisse finden sich über ",[53,455,456],{},"Operate > Kubernetes clusters",": im Tab ",[53,459,460],{},"Agent"," den Agent auswählen und anschließend im Tab ",[53,463,464],{},"Security"," die Cluster-Schwachstellen einsehen. Zusätzlich erscheinen sie im Tab ",[53,467,468],{},"Operational Vulnerabilities",[24,470,472],{"id":471},"sicherheitsniveau-mit-gitlab-security-policies-erhöhen","Sicherheitsniveau mit GitLab Security Policies erhöhen",[17,474,475],{},"Mit GitLab Security Policies lassen sich einheitliche Sicherheitsstandards über automatisierte, richtliniengesteuerte Kontrollen durchsetzen. Solche Richtlinien verankern Anforderungen direkt in der Entwicklungs-Pipeline und stellen sicher, dass Schwachstellen erkannt und behoben werden, bevor Code die Produktion erreicht.",[81,477,479],{"id":478},"scan-execution-policies-und-pipeline-execution-policies","Scan Execution Policies und Pipeline Execution Policies",[17,481,482,487],{},[72,483,486],{"href":484,"rel":485},"https://docs.gitlab.com/user/application_security/policies/scan_execution_policies/",[],"Scan Execution Policies"," steuern, wann und wie Container Scanning projektübergreifend läuft. So lassen sich etwa Scans bei jedem Merge Request auslösen oder wiederkehrende Scans des Haupt-Branches ansetzen – ohne dass Entwicklungsteams das Scanning in jeder einzelnen Pipeline manuell einrichten müssen. Auch die zu verwendende Scanner-Version und die Scan-Parameter lassen sich zentral festlegen.",[17,489,490],{},[136,491],{"alt":492,"src":493,"title":492},"Konfiguration einer Scan Execution Policy","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547517/z36dntxslqem9udrynvx.png",[17,495,496,501],{},[72,497,500],{"href":498,"rel":499},"https://docs.gitlab.com/user/application_security/policies/pipeline_execution_policies/",[],"Pipeline Execution Policies"," bieten flexible Kontrolle, um eigene Jobs in eine Pipeline einzufügen oder bestehende zu überschreiben – je nach Compliance-Anforderung. Damit lassen sich Container-Scanning-Jobs automatisch einfügen, Builds bei Überschreiten der Risikotoleranz abbrechen, zusätzliche Prüfungen für bestimmte Branches oder Tags anstoßen oder Compliance-Vorgaben für Images durchsetzen, die für die Produktion bestimmt sind.",[17,503,504],{},[136,505],{"alt":506,"src":507,"title":506},"Aktionen einer Pipeline Execution Policy","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547517/ddhhugzcr2swptgodof2.png",[81,509,511],{"id":510},"merge-request-approval-policies","Merge Request Approval Policies",[17,513,514,518],{},[72,515,511],{"href":516,"rel":517},"https://docs.gitlab.com/user/application_security/policies/merge_request_approval_policies/",[]," setzen Sicherheits-Gates durch, indem sie festgelegte Prüfer(innen) verlangen, die Merge Requests mit Container-Schwachstellen freigeben. So lassen sich Richtlinien definieren, die einen Merge bei kritischen oder schwerwiegenden Schwachstellen blockieren oder die Freigabe durch das Sicherheitsteam verlangen, sobald ein Merge Request neue Container-Befunde einführt.",[17,520,521],{},[136,522],{"alt":523,"src":524,"title":523},"Merge Request Approval Policy blockiert einen Merge Request","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772547513/hgnbc1vl4ssqafqcyuzg.png",[24,526,528],{"id":527},"den-passenden-ansatz-wählen","Den passenden Ansatz wählen",[530,531,532,548],"table",{},[533,534,535],"thead",{},[536,537,538,542,545],"tr",{},[539,540,541],"th",{},"Scanning-Art",[539,543,544],{},"Wann einsetzen",[539,546,547],{},"Zentraler Nutzen",[549,550,551,563,574,585,596],"tbody",{},[536,552,553,557,560],{},[554,555,556],"td",{},"Pipeline-basiert",[554,558,559],{},"Bei jedem Build",[554,561,562],{},"Shift-Left-Sicherheit; blockiert anfällige Builds",[536,564,565,568,571],{},[554,566,567],{},"Registry-Scanning",[554,569,570],{},"Kontinuierliche Überwachung",[554,572,573],{},"Erkennt neue CVEs in gespeicherten Images",[536,575,576,579,582],{},[554,577,578],{},"Multi-Container",[554,580,581],{},"Microservices",[554,583,584],{},"Parallele Scans mehrerer Images",[536,586,587,590,593],{},[554,588,589],{},"Continuous Vulnerability",[554,591,592],{},"Zwischen Deployments",[554,594,595],{},"Proaktive Überwachung von Sicherheitshinweisen",[536,597,598,601,604],{},[554,599,600],{},"Operational",[554,602,603],{},"Überwachung der Produktion",[554,605,606],{},"Erkennung von Laufzeit-Schwachstellen",[17,608,609],{},"Für eine umfassende Absicherung bietet es sich an, mehrere Ansätze zu kombinieren: pipeline-basiertes Scanning, um Probleme während der Entwicklung zu erkennen, Registry-Scanning zur kontinuierlichen Überwachung und Operational Scanning für den Einblick in die Produktion.",[24,611,613],{"id":612},"der-einstieg","Der Einstieg",[17,615,616,617,619,620,622],{},"Der direkteste Einstieg in die Container-Sicherheit ist das pipeline-basierte Scanning: im Projekt unter ",[53,618,90],{}," für Container Scanning ",[53,621,94],{}," auswählen und den erzeugten Merge Request mergen. Der nächste Pipeline-Durchlauf enthält dann bereits das Schwachstellen-Scanning.",[17,624,625],{},"Darauf aufbauend lassen sich je nach Sicherheitsanforderung und GitLab-Tarif weitere Scanning-Arten ergänzen. Container-Sicherheit ist keine einmalige Aufgabe, sondern ein fortlaufender Prozess. Mit den Container-Scanning-Funktionen von GitLab lassen sich Schwachstellen in jeder Phase des Container-Lebenszyklus erkennen – vom Build bis zur Laufzeit.",[627,628,629],"blockquote",{},[17,630,631,632,108],{},"Weitere Informationen dazu, wie GitLab das Sicherheitsniveau stärkt, bietet die ",[72,633,636],{"href":634,"rel":635},"https://about.gitlab.com/de-de/solutions/application-security-testing/",[],"Seite zu GitLab Security- und Governance-Lösungen",{"title":638,"searchDepth":639,"depth":639,"links":640},"",2,[641,642,650,651,652],{"id":26,"depth":639,"text":27},{"id":36,"depth":639,"text":37,"children":643},[644,646,647,648,649],{"id":44,"depth":645,"text":45},3,{"id":244,"depth":645,"text":245},{"id":308,"depth":645,"text":309},{"id":359,"depth":645,"text":360},{"id":398,"depth":645,"text":399},{"id":471,"depth":639,"text":472},{"id":527,"depth":639,"text":528},{"id":612,"depth":639,"text":613},"security","2026-07-06","Fünf Arten des Container Scannings in GitLab – von der Pipeline bis zur Laufzeit im Cluster – und wie sich jede aktivieren und kombinieren lässt.","md",null,true,"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772721753/frfsm1qfscwrmsyzj1qn.png",{},"/de-de/blog/complete-guide-to-gitlab-container-scanning",{"config":663,"title":665,"description":666},{"noIndex":664},false,"Container Scanning in GitLab: der komplette Leitfaden","Container Scanning in GitLab absichern: fünf Methoden vom Build bis zur Laufzeit – Pipeline, Registry, Multi-Container, kontinuierlich und operativ.","complete-guide-to-gitlab-container-scanning","de-de/blog/complete-guide-to-gitlab-container-scanning",[653,670],"tutorial","BlogPost","CF0Z16WjLQVE7IXcCQK7cUKv9uUWLXyPb7M_zB0cSWw",{"logo":674,"freeTrial":679,"sales":684,"login":689,"items":694,"search":1018,"minimal":1052,"duo":1070,"switchNav":1079,"pricingDeployment":1090},{"config":675},{"href":676,"dataGaName":677,"dataGaLocation":678},"/de-de/","gitlab logo","header",{"text":680,"config":681},"Kostenlose Testversion anfordern",{"href":682,"dataGaName":683,"dataGaLocation":678},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/de-de&glm_content=default-saas-trial/","free trial",{"text":685,"config":686},"Demo anfordern",{"href":687,"dataGaName":688,"dataGaLocation":678},"/de-de/sales/?contact-topic=request-demo","sales",{"text":690,"config":691},"Anmelden",{"href":692,"dataGaName":693,"dataGaLocation":678},"https://gitlab.com/users/sign_in/","sign in",[695,724,826,831,940,996],{"text":696,"config":697,"menu":699},"Plattform",{"dataNavLevelOne":698},"platform",{"type":700,"columns":701},"cards",[702,708,716],{"title":696,"description":703,"link":704},"Die intelligente Orchestrierungsplattform für DevSecOps",{"text":705,"config":706},"Die Plattform erkunden",{"href":707,"dataGaName":698,"dataGaLocation":678},"/de-de/platform/",{"title":709,"description":710,"link":711},"GitLab Duo Agent Platform","Agentische KI für den gesamten Software-Lebenszyklus",{"text":712,"config":713},"Lerne GitLab Duo kennen",{"href":714,"dataGaName":715,"dataGaLocation":678},"/de-de/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":717,"description":718,"link":719},"Warum GitLab?","Erfahre, warum sich Unternehmen für GitLab entscheiden",{"text":720,"config":721},"Mehr erfahren",{"href":722,"dataGaName":723,"dataGaLocation":678},"/de-de/why-gitlab/","why gitlab",{"text":725,"left":658,"config":726,"menu":728},"Produkt",{"dataNavLevelOne":727},"solutions",{"type":729,"link":730,"columns":734,"feature":805},"lists",{"text":731,"config":732},"Alle Lösungen anzeigen",{"href":733,"dataGaName":727,"dataGaLocation":678},"/de-de/solutions/",[735,760,783],{"title":736,"description":737,"link":738,"items":743},"Automatisierung","CI/CD und Automatisierung zur Beschleunigung der Bereitstellung",{"config":739},{"icon":740,"href":741,"dataGaName":742,"dataGaLocation":678},"AutomatedCodeAlt","/de-de/solutions/delivery-automation/","automated software delivery",[744,748,751,756],{"text":745,"config":746},"CI/CD",{"href":747,"dataGaLocation":678,"dataGaName":745},"/de-de/solutions/continuous-integration/",{"text":709,"config":749},{"href":714,"dataGaLocation":678,"dataGaName":750},"gitlab duo agent platform - product menu",{"text":752,"config":753},"Quellcodeverwaltung",{"href":754,"dataGaLocation":678,"dataGaName":755},"/de-de/solutions/source-code-management/","Source Code Management",{"text":757,"config":758},"Automatische Softwarebereitstellung",{"href":741,"dataGaLocation":678,"dataGaName":759},"Automated software delivery",{"title":761,"description":762,"link":763,"items":768},"Sicherheit","Entwickle Code schneller ohne Abstriche bei der Sicherheit",{"config":764},{"href":765,"dataGaName":766,"dataGaLocation":678,"icon":767},"/de-de/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[769,773,778],{"text":770,"config":771},"Anwendungssicherheitstests",{"href":765,"dataGaName":772,"dataGaLocation":678},"Application security testing",{"text":774,"config":775},"Schutz der Software-Lieferkette",{"href":776,"dataGaLocation":678,"dataGaName":777},"/de-de/solutions/supply-chain/","Software supply chain security",{"text":779,"config":780},"Software-Compliance",{"href":781,"dataGaName":782,"dataGaLocation":678},"/de-de/solutions/software-compliance/","software compliance",{"title":784,"link":785,"items":790},"Messung",{"config":786},{"icon":787,"href":788,"dataGaName":789,"dataGaLocation":678},"DigitalTransformation","/de-de/solutions/visibility-measurement/","visibility and measurement",[791,795,800],{"text":792,"config":793},"Sichtbarkeit und Messung",{"href":788,"dataGaLocation":678,"dataGaName":794},"Visibility and Measurement",{"text":796,"config":797},"Wertstrommanagement",{"href":798,"dataGaLocation":678,"dataGaName":799},"/de-de/solutions/value-stream-management/","Value Stream Management",{"text":801,"config":802},"Analysen und Einblicke",{"href":803,"dataGaLocation":678,"dataGaName":804},"/de-de/solutions/analytics-and-insights/","Analytics and insights",{"title":806,"type":729,"items":807},"GitLab für",[808,814,820],{"text":809,"config":810},"Enterprise",{"icon":811,"href":812,"dataGaLocation":678,"dataGaName":813},"Building","/de-de/enterprise/","enterprise",{"text":815,"config":816},"Kleinunternehmen",{"icon":817,"href":818,"dataGaLocation":678,"dataGaName":819},"Work","/de-de/small-business/","small business",{"text":821,"config":822},"Öffentlicher Sektor",{"icon":823,"href":824,"dataGaLocation":678,"dataGaName":825},"Organization","/de-de/solutions/public-sector/","public sector",{"text":827,"config":828},"Preise",{"href":829,"dataGaName":830,"dataGaLocation":678,"dataNavLevelOne":830},"/de-de/pricing/","pricing",{"text":832,"config":833,"menu":835},"Ressourcen",{"dataNavLevelOne":834},"resources",{"type":729,"link":836,"columns":840,"feature":929},{"text":837,"config":838},"Alle Ressourcen anzeigen",{"href":839,"dataGaName":834,"dataGaLocation":678},"/de-de/resources/",[841,874,896],{"title":842,"items":843},"Erste Schritte",[844,849,854,859,864,869],{"text":845,"config":846},"Installieren",{"href":847,"dataGaName":848,"dataGaLocation":678},"/de-de/install/","install",{"text":850,"config":851},"Kurzanleitungen",{"href":852,"dataGaName":853,"dataGaLocation":678},"/de-de/get-started/","quick setup checklists",{"text":855,"config":856},"Lernen",{"href":857,"dataGaLocation":678,"dataGaName":858},"https://university.gitlab.com/","learn",{"text":860,"config":861},"Produktdokumentation",{"href":862,"dataGaName":863,"dataGaLocation":678},"https://docs.gitlab.com/","product documentation",{"text":865,"config":866},"Best-Practice-Videos",{"href":867,"dataGaName":868,"dataGaLocation":678},"/de-de/getting-started-videos/","best practice videos",{"text":870,"config":871},"Integrationen",{"href":872,"dataGaName":873,"dataGaLocation":678},"/de-de/integrations/","integrations",{"title":875,"items":876},"Entdecken",[877,882,887,891],{"text":878,"config":879},"Kundenerfolge",{"href":880,"dataGaName":881,"dataGaLocation":678},"/de-de/customers/","customer success stories",{"text":883,"config":884},"Blog",{"href":885,"dataGaName":886,"dataGaLocation":678},"/de-de/blog/","blog",{"text":888,"config":889},"The Source",{"href":890,"dataGaName":886,"dataGaLocation":678},"/de-de/the-source/",{"text":892,"config":893},"Remote",{"href":894,"dataGaName":895,"dataGaLocation":678},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":897,"items":898},"Vernetzen",[899,904,909,914,919,924],{"text":900,"config":901},"GitLab-Services",{"href":902,"dataGaName":903,"dataGaLocation":678},"/de-de/services/","services",{"text":905,"config":906},"Beitragen",{"href":907,"dataGaName":908,"dataGaLocation":678},"https://contributors.gitlab.com","contribute",{"text":910,"config":911},"Community",{"href":912,"dataGaName":913,"dataGaLocation":678},"/community/","community",{"text":915,"config":916},"Forum",{"href":917,"dataGaName":918,"dataGaLocation":678},"https://forum.gitlab.com/","forum",{"text":920,"config":921},"Veranstaltungen",{"href":922,"dataGaName":923,"dataGaLocation":678},"/events/","events",{"text":925,"config":926},"Partner",{"href":927,"dataGaName":928,"dataGaLocation":678},"/de-de/partners/","partners",{"config":930,"title":933,"text":934,"link":935},{"background":931,"textColor":932},"url('https://res.cloudinary.com/about-gitlab-com/image/upload/v1777322348/qpq8yrgn8knii57omj0c.png')","#000","Neues bei GitLab","Über die neuesten Funktionen und Verbesserungen auf dem Laufenden bleiben.",{"text":936,"config":937},"Aktuelle Nachrichten",{"href":938,"dataGaName":939,"dataGaLocation":678},"/de-de/whats-new/","whats new",{"text":941,"config":942,"menu":944},"Unternehmen",{"dataNavLevelOne":943},"company",{"type":729,"columns":945},[946],{"items":947},[948,953,959,961,966,971,976,981,986,991],{"text":949,"config":950},"Über",{"href":951,"dataGaName":952,"dataGaLocation":678},"/de-de/company/","about",{"text":954,"config":955,"footerGa":958},"Karriere",{"href":956,"dataGaName":957,"dataGaLocation":678},"/jobs/","jobs",{"dataGaName":957},{"text":920,"config":960},{"href":922,"dataGaName":923,"dataGaLocation":678},{"text":962,"config":963},"Geschäftsführung",{"href":964,"dataGaName":965,"dataGaLocation":678},"/company/team/e-group/","leadership",{"text":967,"config":968},"Handbuch",{"href":969,"dataGaName":970,"dataGaLocation":678},"https://handbook.gitlab.com/","handbook",{"text":972,"config":973},"Investor Relations",{"href":974,"dataGaName":975,"dataGaLocation":678},"https://ir.gitlab.com/","investor relations",{"text":977,"config":978},"Trust Center",{"href":979,"dataGaName":980,"dataGaLocation":678},"/de-de/security/","trust center",{"text":982,"config":983},"AI Transparency Center",{"href":984,"dataGaName":985,"dataGaLocation":678},"/de-de/ai-transparency-center/","ai transparency center",{"text":987,"config":988},"Newsletter",{"href":989,"dataGaName":990,"dataGaLocation":678},"/company/contact/#contact-forms","newsletter",{"text":992,"config":993},"Presse",{"href":994,"dataGaName":995,"dataGaLocation":678},"/press/","press",{"text":997,"config":998,"menu":999},"Kontakt",{"dataNavLevelOne":943},{"type":729,"columns":1000},[1001],{"items":1002},[1003,1008,1013],{"text":1004,"config":1005},"Vertrieb kontaktieren",{"href":1006,"dataGaName":1007,"dataGaLocation":678},"/de-de/sales/","talk to sales",{"text":1009,"config":1010},"Support-Portal",{"href":1011,"dataGaName":1012,"dataGaLocation":678},"https://support.gitlab.com","support portal",{"text":1014,"config":1015},"Kundenportal",{"href":1016,"dataGaName":1017,"dataGaLocation":678},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":1019,"login":1020,"suggestions":1027},"Schließen",{"text":1021,"link":1022},"Um Repositorys und Projekte zu durchsuchen, melde dich an bei",{"text":1023,"config":1024},"gitlab.com",{"href":692,"dataGaName":1025,"dataGaLocation":1026},"search login","search",{"text":1028,"default":1029},"Vorschläge",[1030,1032,1037,1039,1044,1049],{"text":709,"config":1031},{"href":714,"dataGaName":709,"dataGaLocation":1026},{"text":1033,"config":1034},"Codevorschläge (KI)",{"href":1035,"dataGaName":1036,"dataGaLocation":1026},"/de-de/solutions/code-suggestions/","Code Suggestions (AI)",{"text":745,"config":1038},{"href":747,"dataGaName":745,"dataGaLocation":1026},{"text":1040,"config":1041},"GitLab auf AWS",{"href":1042,"dataGaName":1043,"dataGaLocation":1026},"/de-de/partners/technology-partners/aws/","GitLab on AWS",{"text":1045,"config":1046},"GitLab auf Google Cloud",{"href":1047,"dataGaName":1048,"dataGaLocation":1026},"/de-de/partners/technology-partners/google-cloud-platform/","GitLab on Google Cloud",{"text":717,"config":1050},{"href":722,"dataGaName":1051,"dataGaLocation":1026},"Why GitLab?",{"freeTrial":1053,"mobileIcon":1058,"desktopIcon":1063,"secondaryButton":1066},{"text":1054,"config":1055},"Kostenlos testen",{"href":1056,"dataGaName":683,"dataGaLocation":1057},"https://gitlab.com/-/trials/new/","nav",{"altText":1059,"config":1060},"GitLab-Symbol",{"src":1061,"dataGaName":1062,"dataGaLocation":1057},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":1059,"config":1064},{"src":1065,"dataGaName":1062,"dataGaLocation":1057},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":842,"config":1067},{"href":1068,"dataGaName":1069,"dataGaLocation":1057},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/de-de/get-started/","get started",{"freeTrial":1071,"mobileIcon":1075,"desktopIcon":1077},{"text":1072,"config":1073},"Mehr über GitLab Duo erfahren",{"href":714,"dataGaName":1074,"dataGaLocation":1057},"gitlab duo",{"altText":1059,"config":1076},{"src":1061,"dataGaName":1062,"dataGaLocation":1057},{"altText":1059,"config":1078},{"src":1065,"dataGaName":1062,"dataGaLocation":1057},{"button":1080,"mobileIcon":1085,"desktopIcon":1087},{"text":1081,"config":1082},"/Option",{"href":1083,"dataGaName":1084,"dataGaLocation":1057},"#contact","switch",{"altText":1059,"config":1086},{"src":1061,"dataGaName":1062,"dataGaLocation":1057},{"altText":1059,"config":1088},{"src":1089,"dataGaName":1062,"dataGaLocation":1057},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":1091,"mobileIcon":1096,"desktopIcon":1098},{"text":1092,"config":1093},"Zurück zur Preisübersicht",{"href":829,"dataGaName":1094,"dataGaLocation":1057,"icon":1095},"back to pricing","GoBack",{"altText":1059,"config":1097},{"src":1061,"dataGaName":1062,"dataGaLocation":1057},{"altText":1059,"config":1099},{"src":1065,"dataGaName":1062,"dataGaLocation":1057},{"title":1101,"button":1102,"config":1106},"GitLab Orbit ist da: die Kontextebene für KI-Agenten",{"text":720,"config":1103},{"href":1104,"dataGaName":1105,"dataGaLocation":678},"/de-de/gitlab-orbit/","orbit",{"layout":1107,"disabled":664},"release",{"data":1109},{"text":1110,"source":1111,"edit":1117,"contribute":1122,"config":1127,"items":1132,"minimal":1338},"Git ist eine Marke von Software Freedom Conservancy und unsere Verwendung von „GitLab“ erfolgt unter Lizenz.",{"text":1112,"config":1113},"Quelltext der Seite anzeigen",{"href":1114,"dataGaName":1115,"dataGaLocation":1116},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":1118,"config":1119},"Diese Seite bearbeiten",{"href":1120,"dataGaName":1121,"dataGaLocation":1116},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":1123,"config":1124},"Beteilige dich",{"href":1125,"dataGaName":1126,"dataGaLocation":1116},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":1128,"facebook":1129,"youtube":1130,"linkedin":1131},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[1133,1178,1231,1273,1305],{"title":827,"links":1134,"subMenu":1149},[1135,1139,1144],{"text":1136,"config":1137},"Tarife anzeigen",{"href":829,"dataGaName":1138,"dataGaLocation":1116},"view plans",{"text":1140,"config":1141},"Vorteile von Premium",{"href":1142,"dataGaName":1143,"dataGaLocation":1116},"/de-de/pricing/premium/","why premium",{"text":1145,"config":1146},"Vorteile von Ultimate",{"href":1147,"dataGaName":1148,"dataGaLocation":1116},"/de-de/pricing/ultimate/","why ultimate",[1150],{"title":997,"links":1151},[1152,1154,1156,1158,1163,1168,1173],{"text":1004,"config":1153},{"href":1006,"dataGaName":688,"dataGaLocation":1116},{"text":1009,"config":1155},{"href":1011,"dataGaName":1012,"dataGaLocation":1116},{"text":1014,"config":1157},{"href":1016,"dataGaName":1017,"dataGaLocation":1116},{"text":1159,"config":1160},"Status",{"href":1161,"dataGaName":1162,"dataGaLocation":1116},"https://status.gitlab.com/","status",{"text":1164,"config":1165},"Nutzungsbedingungen",{"href":1166,"dataGaName":1167,"dataGaLocation":1116},"/terms/","terms of use",{"text":1169,"config":1170},"Datenschutzerklärung",{"href":1171,"dataGaName":1172,"dataGaLocation":1116},"/de-de/privacy/","privacy statement",{"text":1174,"config":1175},"Cookie-Einstellungen",{"dataGaName":1176,"dataGaLocation":1116,"id":1177,"isOneTrustButton":658},"cookie preferences","ot-sdk-btn",{"title":725,"links":1179,"subMenu":1188},[1180,1184],{"text":1181,"config":1182},"DevSecOps-Plattform",{"href":707,"dataGaName":1183,"dataGaLocation":1116},"devsecops platform",{"text":1185,"config":1186},"KI-unterstützte Entwicklung",{"href":714,"dataGaName":1187,"dataGaLocation":1116},"ai-assisted development",[1189],{"title":1190,"links":1191},"Themen",[1192,1196,1201,1206,1211,1216,1221,1226],{"text":745,"config":1193},{"href":1194,"dataGaName":1195,"dataGaLocation":1116},"/de-de/topics/ci-cd/","cicd",{"text":1197,"config":1198},"GitOps",{"href":1199,"dataGaName":1200,"dataGaLocation":1116},"/de-de/topics/gitops/","gitops",{"text":1202,"config":1203},"DevOps",{"href":1204,"dataGaName":1205,"dataGaLocation":1116},"/de-de/topics/devops/","devops",{"text":1207,"config":1208},"Versionskontrolle",{"href":1209,"dataGaName":1210,"dataGaLocation":1116},"/de-de/topics/version-control/","version control",{"text":1212,"config":1213},"DevSecOps",{"href":1214,"dataGaName":1215,"dataGaLocation":1116},"/de-de/topics/devsecops/","devsecops",{"text":1217,"config":1218},"Cloud-nativ",{"href":1219,"dataGaName":1220,"dataGaLocation":1116},"/de-de/topics/cloud-native/","cloud native",{"text":1222,"config":1223},"KI für das Programmieren",{"href":1224,"dataGaName":1225,"dataGaLocation":1116},"/de-de/topics/devops/ai-for-coding/","ai for coding",{"text":1227,"config":1228},"Agentische KI",{"href":1229,"dataGaName":1230,"dataGaLocation":1116},"/de-de/topics/agentic-ai/","agentic ai",{"title":1232,"links":1233},"Lösungen",[1234,1237,1239,1244,1248,1251,1254,1257,1259,1261,1263,1268],{"text":770,"config":1235},{"href":765,"dataGaName":1236,"dataGaLocation":1116},"Application Security Testing",{"text":757,"config":1238},{"href":741,"dataGaName":742,"dataGaLocation":1116},{"text":1240,"config":1241},"Agile Entwicklung",{"href":1242,"dataGaName":1243,"dataGaLocation":1116},"/de-de/solutions/agile-delivery/","agile delivery",{"text":1245,"config":1246},"SCM",{"href":754,"dataGaName":1247,"dataGaLocation":1116},"source code management",{"text":745,"config":1249},{"href":747,"dataGaName":1250,"dataGaLocation":1116},"continuous integration & delivery",{"text":796,"config":1252},{"href":798,"dataGaName":1253,"dataGaLocation":1116},"value stream management",{"text":1197,"config":1255},{"href":1256,"dataGaName":1200,"dataGaLocation":1116},"/de-de/solutions/gitops/",{"text":809,"config":1258},{"href":812,"dataGaName":813,"dataGaLocation":1116},{"text":815,"config":1260},{"href":818,"dataGaName":819,"dataGaLocation":1116},{"text":821,"config":1262},{"href":824,"dataGaName":825,"dataGaLocation":1116},{"text":1264,"config":1265},"Bildungswesen",{"href":1266,"dataGaName":1267,"dataGaLocation":1116},"/de-de/solutions/education/","education",{"text":1269,"config":1270},"Finanzdienstleistungen",{"href":1271,"dataGaName":1272,"dataGaLocation":1116},"/de-de/solutions/finance/","financial services",{"title":832,"links":1274},[1275,1277,1279,1281,1284,1286,1289,1291,1293,1295,1297,1299,1301,1303],{"text":845,"config":1276},{"href":847,"dataGaName":848,"dataGaLocation":1116},{"text":850,"config":1278},{"href":852,"dataGaName":853,"dataGaLocation":1116},{"text":855,"config":1280},{"href":857,"dataGaName":858,"dataGaLocation":1116},{"text":860,"config":1282},{"href":862,"dataGaName":1283,"dataGaLocation":1116},"docs",{"text":883,"config":1285},{"href":885,"dataGaName":886,"dataGaLocation":1116},{"text":1287,"config":1288},"Neuerungen",{"href":938,"dataGaName":939,"dataGaLocation":1116},{"text":878,"config":1290},{"href":880,"dataGaName":881,"dataGaLocation":1116},{"text":892,"config":1292},{"href":894,"dataGaName":895,"dataGaLocation":1116},{"text":900,"config":1294},{"href":902,"dataGaName":903,"dataGaLocation":1116},{"text":905,"config":1296},{"href":907,"dataGaName":908,"dataGaLocation":1116},{"text":910,"config":1298},{"href":912,"dataGaName":913,"dataGaLocation":1116},{"text":915,"config":1300},{"href":917,"dataGaName":918,"dataGaLocation":1116},{"text":920,"config":1302},{"href":922,"dataGaName":923,"dataGaLocation":1116},{"text":925,"config":1304},{"href":927,"dataGaName":928,"dataGaLocation":1116},{"title":941,"links":1306},[1307,1309,1311,1313,1315,1317,1322,1327,1329,1331,1333],{"text":949,"config":1308},{"href":951,"dataGaName":943,"dataGaLocation":1116},{"text":954,"config":1310},{"href":956,"dataGaName":957,"dataGaLocation":1116},{"text":962,"config":1312},{"href":964,"dataGaName":965,"dataGaLocation":1116},{"text":967,"config":1314},{"href":969,"dataGaName":970,"dataGaLocation":1116},{"text":972,"config":1316},{"href":974,"dataGaName":975,"dataGaLocation":1116},{"text":1318,"config":1319},"Nachhaltigkeit",{"href":1320,"dataGaName":1321,"dataGaLocation":1116},"/sustainability/","Sustainability",{"text":1323,"config":1324},"Vielfalt, Inklusion und Zugehörigkeit",{"href":1325,"dataGaName":1326,"dataGaLocation":1116},"/de-de/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":977,"config":1328},{"href":979,"dataGaName":980,"dataGaLocation":1116},{"text":987,"config":1330},{"href":989,"dataGaName":990,"dataGaLocation":1116},{"text":992,"config":1332},{"href":994,"dataGaName":995,"dataGaLocation":1116},{"text":1334,"config":1335},"Transparenzerklärung zu moderner Sklaverei",{"href":1336,"dataGaName":1337,"dataGaLocation":1116},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":1339},[1340,1343,1346],{"text":1341,"config":1342},"Terms",{"href":1166,"dataGaName":1167,"dataGaLocation":1116},{"text":1344,"config":1345},"Cookies",{"dataGaName":1176,"dataGaLocation":1116,"id":1177,"isOneTrustButton":658},{"text":1347,"config":1348},"Datenschutz",{"href":1171,"dataGaName":1172,"dataGaLocation":1116},[1350],{"id":1351,"title":7,"body":657,"config":1352,"content":1354,"description":657,"extension":1358,"meta":1359,"navigation":658,"path":1360,"seo":1361,"stem":1362,"__hash__":1363},"blogAuthors/en-us/blog/authors/fernando-diaz.yml",{"template":1353},"BlogAuthor",{"name":7,"config":1355},{"headshot":1356,"ctfId":1357},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659556/Blog/Author%20Headshots/fern_diaz.png","fjdiaz","yml",{},"/en-us/blog/authors/fernando-diaz",{},"en-us/blog/authors/fernando-diaz","lxRJIOydP4_yzYZvsPcuQevP9AYAKREF7i8QmmdnOWc",[1365,1373,1381],{"title":1366,"description":1367,"heroImage":1368,"category":653,"date":1369,"authors":1370,"slug":1372,"externalUrl":657},"Eine Ansicht für alle Schwachstellen, von Scanner-Abdeckung bis KI-Governance","Je mehr Code KI schreibt, desto wichtiger wird Sicherheit. GitLab vereint Scanner-Abdeckung, Erkennung und Behebung, mit KI-Governance für Agenten.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1781621337/mtjqzed2cqtef0frmor2.png","2026-06-18",[1371],"Alisa Ho","one-vulnerability-view",{"title":1374,"description":1375,"heroImage":1376,"category":653,"date":1377,"authors":1378,"slug":1380,"externalUrl":657},"Vollständige Security-Scanner-Abdeckung der Codebase in Minuten","Security Configuration Profiles ermöglichen schnellere Scanner-Rollouts. Wie GitLab 19.0 Tausende von Projekten in Minuten abdeckt – ohne Lücken.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1779189265/iqzyhhiwagxzwywvjzow.png","2026-05-26",[1379],"Michael Omokoh","security-configuration-profiles",{"title":1382,"description":1383,"heroImage":1376,"category":653,"date":1377,"authors":1384,"slug":1387,"externalUrl":657},"Supply-Chain-Risiken reduzieren – mit SBOM-basiertem Dependency Scanning","Transitive Abhängigkeiten erkennen, ihren Ursprung nachverfolgen und nach realer Exposition priorisieren.",[1385,1386],"Mark Settle","Joel Patterson","sbom-based-dependency-scanning",{"promotions":1389},[1390,1404,1416,1427],{"id":1391,"categories":1392,"header":1394,"text":1395,"button":1396,"image":1401},"ai-modernization",[1393],"ai","Hält KI, was uns versprochen wurde?","Das Quiz dauert maximal 5 Minuten.",{"text":1397,"config":1398},"Ermittle deinen KI-Reifegrad",{"href":1399,"dataGaName":1400,"dataGaLocation":886},"/de-de/assessments/ai-modernization-assessment/","modernization assessment",{"config":1402},{"src":1403},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":1405,"categories":1406,"header":1408,"text":1395,"button":1409,"image":1413},"devops-modernization",[1407,1215],"product","Verwaltest du Tool-Chaos oder stellst du Innovationen bereit?",{"text":1410,"config":1411},"Ermittle deinen DevOps-Reifegrad",{"href":1412,"dataGaName":1400,"dataGaLocation":886},"/de-de/assessments/devops-modernization-assessment/",{"config":1414},{"src":1415},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":1417,"categories":1418,"header":1419,"text":1395,"button":1420,"image":1424},"security-modernization",[653],"Tauschst du Schnelligkeit gegen Sicherheit ein?",{"text":1421,"config":1422},"Ermittle deinen Sicherheitsreifegrad",{"href":1423,"dataGaName":1400,"dataGaLocation":886},"/de-de/assessments/security-modernization-assessment/",{"config":1425},{"src":1426},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":1428,"paths":1429,"header":1432,"text":1433,"button":1434,"image":1439},"github-azure-migration",[1430,1431],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Ist dein Team bereit für den Umzug von GitHub nach Azure?","GitHub stellt bereits auf Azure um. Finde heraus, was das für dich bedeutet.",{"text":1435,"config":1436},"Erfahre, wie GitLab im Vergleich zu GitHub abschneidet",{"href":1437,"dataGaName":1438,"dataGaLocation":886},"/de-de/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":1440},{"src":1415},{"header":1442,"blurb":1443,"button":1444,"secondaryButton":1449},"Beginne noch heute, schneller zu entwickeln","Entdecke, was dein Team mit der intelligenten Orchestrierungsplattform für DevSecOps erreichen kann.\n",{"text":1445,"config":1446},"Kostenlosen Test starten",{"href":1447,"dataGaName":683,"dataGaLocation":1448},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/de-de/","feature",{"text":1004,"config":1450},{"href":1006,"dataGaName":688,"dataGaLocation":1448},1784055965347]