Gitlab hero border pattern left svg Gitlab hero border pattern right svg

GitLab Education

GitLab Security Essentials


This course covers all of the essential security capabilities of GitLab, including SAST, DAST, dependency and container scanning, license compliance, WAF, and policy management. It is intended for customers with Gold or Ultimate subscription levels.

New certification! Starting in December 2020, we're including class participant access to our new GitLab Certified Security Specialist certification assessments. To earn this certification, GitLab Security Essentials live training participants must receive a passing score on both a written assessment and a lab assessment evaluated by a GitLab Professional Services Engineer.

Target Audiences

Project managers, developers, DevSecOps engineers, and security specialists

What’s Included

  • Live training sessions delivered by a GitLab technical trainer
  • Lecture with demonstrations
  • Hands-on Labs
  • Slides with notes and reference links

Learning Objectives

  • Describe the security features available in GitLab
  • Determine teams and/or team members that should give merge request security approvals
  • Enable and configure scanning tool, including enabling and disabling options
  • Enable and configure merge request security approvals
  • View and utilize the Security Dashboard for a given group and project
  • Download scanning results as evidence for compliance
  • Configure defensive mechanisms
  • Test performance and inspect logs


Remote delivery is $5,000 per class. Onsite delivery is $7,000 per class plus incurred trainer travel expenses.


One delivery of this course includes two 4-hour remote sessions or one 1-day onsite session.

Class Size

12 attendees recommended, maximum 20 attendees

Course Syllabus

Day 1: Part 1

Schedule Topic Overview
9:00 - 9:30a Introducing the Secure Stage
  • Features available in the Secure Stage
  • How Security Scanning at GitLab Works
  • Types of Security Reports and Lists Available
9:30 - 11:30a Using SAST and DAST
  • What is Static Application Security Testing (SAST)
  • Steps for Using SAST
  • Configuring SAST
  • Reviewing Reports in the Security Dashboard
  • Demo: Enable SAST on a pipeline
  • Hands On Lab: Using SAST on a project
  • What is Dynamic Application Security Testing (DAST)
  • Steps for Using DAST
  • Configuring DAST
  • Review Vulnerabilities and Reports
  • Approval Request Capabilities
  • Demo: Review DAST Scanning Examples
11:45a - 1:00p Dependency Scanning
  • What is Dependency Scanning
  • Steps for Using Dependency Scanning
  • Configuring Dependency Scanning
  • Review Scanning Output and Reports
  • Demo: Invoke Dependency Scanning on a pipeline
  • Hands On Lab: Using Dependency Scanning on a pipeline

Day 2: Part 2

Schedule Topic Overview
9:00 - 10:00a Container Scanning
  • What is Container Scanning
  • Steps for Using Container Scanning
  • Configuring Container Scanning
  • Review Scanning Output and Reports
  • Fuzz Testing
  • See Fuzz Testing in Action
  • Demo: Demo: Invoke Container Scanning on a pipeline
  • Hands On Lab: Hands On Lab: Using Container Scanning on a pipeline
10:00 - 11:15a License Compliance
  • What is License Compliance
  • Steps for Using License Compliance
  • Configuring License Compliance
  • Review Scanning Output and Reports
  • Demo: Add a License File to a Project
  • Demo: Invoke License Compliance on a pipeline
  • Hands On Lab: Using License Compliance on a pipeline
11:30a - 12:00p Introducing the Protect Stage
  • Features available in the Protect Stage
  • Feature Maturity for Protect Stage
12:00 - 12:30p Web Application Firewall (WAF)
  • What is Web Application Firewall (WAF)
  • WAF Requirements
  • How to Configure WAF
  • WAF Updates
  • Demo: Modsecurity Enabled on a GitLab Project
12:30 - 1:00p Policy Management for Container Network Policies
  • What is Container Network Policy Management
  • Policy Management Requirements
  • How to View Network Policy Lists and Reports
Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license