Gitlab hero border pattern left svg Gitlab hero border pattern right svg

GitLab Education Services

GitLab Security Essentials

Overview

This course covers all of the essential security capabilities of GitLab, including Static Application Security Testing, secret detection, Dynamic Application Security Testing, dependency scanning, container scanning, license compliance, and fuzz testing.

Since most of these features are only available for customers with an Ultimate license, this course is intended for Ultimate customers only.

Target Audience

  • Project managers, developers, DevSecOps engineers, and security specialists who are using GitLab with the Ultimate license
  • Prerequisites
  • This course is not appropriate for students without any Git, GitLab, or GitLab CI/CD knowledge

What’s Included

  • Live training sessions delivered by a GitLab technical trainer
  • Lecture with demonstrations
  • Hands-on labs
  • Slides with notes and reference links

Price

Remote: $5,000
On-site: $7,000 plus travel expenses for each instructor

Duration

Remote: normally delivered as two 3- to 4-hour sessions, presented on separate days.
On-site: normally delivered as a single 7- to 8-hour session, including 1 hour for lunch.

Class Size

Maximum 12 attendees. Order this seat add-on to increase total seats per class.

Course Syllabus

Part 1

Duration Topic Overview
1 hr Introducing the Secure Stage
  • Features available in the Secure Stage
  • How Security Scanning Works with GitLab Flow
  • Types of Security Scans Available
  • Types of Security Reports Available
2 hrs SAST, Secret Detection, and DAST
  • What is Static Application Security Testing (SAST)?
  • Steps for Using SAST
  • Enabling and Configuring SAST
  • Reviewing SAST Reports
  • Taking Action on SAST Findings
  • What is Secret Detection?
  • Steps for Using Secret Detection
  • Enabling and Configuring Secret Detection
  • What is Dynamic Application Security Testing (DAST)?
  • Steps for Using DAST
  • Enabling and Configuring DAST
  • Lab: Using SAST, Secret Detection, and DAST
1 hr Dependency Scanning
  • What is Dependency Scanning?
  • Steps for Using Dependency Scanning
  • Enable and Configure Dependency Scanning
  • Lab: Using Dependency Scanning

Part 2

Duration Topic Overview
1 hr Container Scanning
  • What is Container Scanning?
  • Steps for Using Container Scanning
  • Enable and Configure Container Scanning
  • Lab: Using Container Scanning
1 hr License Compliance
  • What is License Compliance?
  • Steps for Using License Compliance
  • Enable and Configure License Compliance
  • Review Scanning Output and Reports
  • Lab: Enable, Configure, and Run License Compliance
1 hr 30 mins Fuzz Testing
  • What is Fuzz Testing?
  • Steps for Using Fuzz Testing
  • Fuzz Testing workflow
  • Using a Fuzz Testing Corpus
  • Lab: Enable, Configure, and Run Fuzz Testing

System Requirements

Computer with internet access and Git installed, per the requirements specified here.

Open in Web IDE View source