The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
Applications that are deployed to production are subject to attacks that exploit vulnerabilities. Many vulnerabilities can be identified and corrected prior to product deployment by running security scans on the source code (SAST) or on exposed interfaces (DAST).
Some vulnerabilities, however, cannot be identified by standalone static or dynamic application testing. This is where Interactive Application Security Testing (IAST) comes in.
IAST works through software instrumentation: the use of instruments to monitor an application as it runs and gather information about what it does and how it performs. IAST solutions instrument applications by deploying agents inside the running application. The agents continuously analyze all application interactions initiated by manual tests, automated tests, or a combination of both, and identify vulnerabilities in real time. IAST can detect more vulnerabilities than SAST or DAST because the agent has visibility into:
While IAST is similar to Runtime Application Self-Protection (RASP), the key difference is that IAST is focused on identifying vulnerabilities within the application, whereas RASP is focused on protecting against cybersecurity attacks that may take advantage of those vulnerabilities or other attack vectors.
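The instrumentation idea described above can be shown with a toy in-process agent. This is an added example, not GitLab code or any IAST product's implementation; `IastAgent`, `InstrumentedConnection` and the lookup functions are hypothetical names, and the value-matching check is a deliberately simple stand-in for real data-flow tracking.

```python
import sqlite3

class IastAgent:
    """Hypothetical in-process agent: remembers request inputs, inspects SQL sinks."""
    def __init__(self):
        self.seen_inputs = set()
        self.findings = []

    def source(self, value):
        # Hook where the application reads a request parameter.
        if len(value) >= 3:  # skip very short values to limit accidental matches
            self.seen_inputs.add(value)
        return value

    def wrap(self, conn):
        return InstrumentedConnection(conn, self)

class InstrumentedConnection:
    """Wraps sqlite3.Connection so every execute() call passes through the agent."""
    def __init__(self, conn, agent):
        self._conn, self._agent = conn, agent

    def execute(self, sql, params=()):
        for value in sorted(self._agent.seen_inputs):
            if value in sql:  # request data is part of the statement text itself
                self._agent.findings.append(
                    {"sink": "sqlite3.execute", "input": value, "sql": sql})
        # Report only: the query still runs. Blocking here would be RASP behaviour.
        return self._conn.execute(sql, params)

def lookup_concatenated(db, agent, name):
    name = agent.source(name)
    return db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def lookup_parameterized(db, agent, name):
    name = agent.source(name)
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def run_demo():
    raw = sqlite3.connect(":memory:")
    raw.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    raw.execute("INSERT INTO users (name) VALUES ('alice')")  # constructed sample row
    agent = IastAgent()
    db = agent.wrap(raw)
    # An ordinary functional test with benign input drives both code paths.
    safe_rows = lookup_parameterized(db, agent, "alice")
    concat_rows = lookup_concatenated(db, agent, "alice")
    return safe_rows, concat_rows, agent.findings

if __name__ == "__main__":
    print(run_demo())
```

Both lookups return the same row, so a functional test alone sees no difference; only the agent's view of the sink distinguishes the concatenated query from the parameterized one.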
We have the advantage of being able to provide testing results before the app is deployed into the production environment, by using Review Apps. This means that we will be able to provide IAST results for every single commit.
We will also be able to provide support for custom flows and provide IAST results for the master branch in Auto DevOps to better align with other existing tools.
We want to engage analysts to make them aware of the security features already available in GitLab. Since this is a relatively new scope for us, we must aim to be included in upcoming research.
We can get valuable feedback from analysts, and use it to drive our vision.
The category is very new, so we still need to engage customers and get feedback about their interests and priorities in this area.
There are no features available for this category.