- Education Services
- GitLab Security Essentials
GitLab Security Essentials
Overview
This course covers all of the essential security capabilities of GitLab, including Static Application Security Testing, secret detection, Dynamic Application Security Testing, dependency scanning, container scanning, license compliance, and fuzz testing.
Since most of these features are only available for customers with an Ultimate license, this course is intended for Ultimate customers only.
Target Audience
- Project managers, developers, DevSecOps engineers, and security specialists who are using GitLab with the Ultimate license
- Prerequisites
- This course is not appropriate for students without any Git, GitLab, or GitLab CI/CD knowledge
What’s Included
- Live training sessions delivered by a GitLab technical trainer
- Lecture with demonstrations
- Hands-on labs
- Slides with notes and reference links
Price
Remote: $5,000
On-site: $7,000 plus travel expenses for each instructor
Duration
Remote: normally delivered as two 3- to 4-hour sessions, presented on separate days.
On-site: normally delivered as a single 7- to 8-hour session, including 1 hour for lunch.
Class Size
Maximum 12 attendees. Order this seat add-on to increase total seats per class.
Course Syllabus
Part 1
| Duration |
Topic |
Overview |
| 1 hr |
Introducing the Secure Stage |
- Features available in the Secure Stage
- How Security Scanning Works with GitLab Flow
- Types of Security Scans Available
- Types of Security Reports Available
|
| 2 hrs |
SAST, Secret Detection, and DAST |
- What is Static Application Security Testing (SAST)?
- Steps for Using SAST
- Enabling and Configuring SAST
- Reviewing SAST Reports
- Taking Action on SAST Findings
- What is Secret Detection?
- Steps for Using Secret Detection
- Enabling and Configuring Secret Detection
- What is Dynamic Application Security Testing (DAST)?
- Steps for Using DAST
- Enabling and Configuring DAST
- Lab: Using SAST, Secret Detection, and DAST
|
| 1 hr |
Dependency Scanning |
- What is Dependency Scanning?
- Steps for Using Dependency Scanning
- Enable and Configure Dependency Scanning
- Lab: Using Dependency Scanning
|
Part 2
| Duration |
Topic |
Overview |
| 1 hr |
Container Scanning |
- What is Container Scanning?
- Steps for Using Container Scanning
- Enable and Configure Container Scanning
- Lab: Using Container Scanning
|
| 1 hr |
License Compliance |
- What is License Compliance?
- Steps for Using License Compliance
- Enable and Configure License Compliance
- Review Scanning Output and Reports
- Lab: Enable, Configure, and Run License Compliance
|
| 1 hr 30 mins |
Fuzz Testing |
- What is Fuzz Testing?
- Steps for Using Fuzz Testing
- Fuzz Testing workflow
- Using a Fuzz Testing Corpus
- Lab: Enable, Configure, and Run Fuzz Testing
|
System Requirements
Computer with internet access and Git installed, per the requirements specified here.
