GitLab Security Essentials

Overview

This course covers all of the essential security capabilities of GitLab, including SAST, DAST, dependency and container scanning, license compliance, WAF, and policy management. It is intended for customers with Gold or Ultimate subscription levels.

New certification! Starting in December 2020, we're including class participant access to our new GitLab Certified Security Specialist certification assessments. To earn this certification, GitLab Security Essentials live training participants must receive a passing score on both a written assessment and a lab assessment evaluated by a GitLab Professional Services Engineer.

Target Audiences

Project managers, developers, DevSecOps engineers, and security specialists

What’s Included

Live training sessions delivered by a GitLab technical trainer
Lecture with demonstrations
Hands-on Labs
Slides with notes and reference links

Learning Objectives

Describe the security features available in GitLab
Determine teams and/or team members that should give merge request security approvals
Enable and configure scanning tool, including enabling and disabling options
Enable and configure merge request security approvals
View and utilize the Security Dashboard for a given group and project
Download scanning results as evidence for compliance
Configure defensive mechanisms
Test performance and inspect logs

Price

Remote delivery is $5,000 per class. Onsite delivery is $7,000 per class plus incurred trainer travel expenses.

Duration

One delivery of this course includes two 4-hour remote sessions or one 1-day onsite session.

Class Size

12 attendees recommended, maximum 20 attendees

Course Syllabus

Day 1: Part 1

Schedule	Topic	Overview
9:00 - 9:30a	Introducing the Secure Stage	Features available in the Secure Stage How Security Scanning at GitLab Works Types of Security Reports and Lists Available
9:30 - 11:30a	Using SAST and DAST	What is Static Application Security Testing (SAST) Steps for Using SAST Configuring SAST Reviewing Reports in the Security Dashboard Demo: Enable SAST on a pipeline Hands On Lab: Using SAST on a project What is Dynamic Application Security Testing (DAST) Steps for Using DAST Configuring DAST Review Vulnerabilities and Reports Approval Request Capabilities Demo: Review DAST Scanning Examples
11:45a - 1:00p	Dependency Scanning	What is Dependency Scanning Steps for Using Dependency Scanning Configuring Dependency Scanning Review Scanning Output and Reports Demo: Invoke Dependency Scanning on a pipeline Hands On Lab: Using Dependency Scanning on a pipeline

Day 2: Part 2

Schedule	Topic	Overview
9:00 - 10:00a	Container Scanning	What is Container Scanning Steps for Using Container Scanning Configuring Container Scanning Review Scanning Output and Reports Fuzz Testing See Fuzz Testing in Action Demo: Demo: Invoke Container Scanning on a pipeline Hands On Lab: Hands On Lab: Using Container Scanning on a pipeline
10:00 - 11:15a	License Compliance	What is License Compliance Steps for Using License Compliance Configuring License Compliance Review Scanning Output and Reports Demo: Add a License File to a Project Demo: Invoke License Compliance on a pipeline Hands On Lab: Using License Compliance on a pipeline
11:30a - 12:00p	Introducing the Protect Stage	Features available in the Protect Stage Feature Maturity for Protect Stage
12:00 - 12:30p	Web Application Firewall (WAF)	What is Web Application Firewall (WAF) WAF Requirements How to Configure WAF WAF Updates Demo: Modsecurity Enabled on a GitLab Project
12:30 - 1:00p	Policy Management for Container Network Policies	What is Container Network Policy Management Policy Management Requirements How to View Network Policy Lists and Reports

GitLab Education