Secure

Security capabilities, integrated into your development lifecycle.

Product categories

SAST

Static Application Security Testing scans the application source code and binaries to spot potential vulnerabilities before deployment using open source tools that are installed as part of GitLab. Vulnerabilities are shown in-line with every merge request and results are collected and presented as a single report.

Learn More →

Secret Detection

Check for credentials and secrets in commits.

Learn More →

Code Quality

Automatically analyze your source code to surface issues and see if quality is improving or getting worse with the latest commit.

Learn More →

DAST

Dynamic Application Security Testing analyzes your running web application for known runtime vulnerabilities. It runs live attacks against a Review App, an externally deployed application, or an active API, created for every merge request as part of the GitLab's CI/CD capabilities. Users can provide HTTP credentials to test private areas. Vulnerabilities are shown in-line with every merge request. Tests can also be run outside of CI/CD pipelines by utilizing on-demand DAST scans

Learn More →

API Security

API Security focuses on testing and protecting APIs. Testing for known vulnerabilities with DAST API and unknown vulnerabilities with API Fuzzing, API Security runs against a live API or a *Review App* to discover vulnerabilities that can only be uncovered after the API has been deployed. Users can provide credentials to test authenticated APIs. Vulnerabilities are shown in-line with every merge request.

Learn More →

Fuzz Testing

Fuzz testing increase chances to get results by using arbitrary payloads instead of well-known ones.

Learn More →

Dependency Scanning

Analyze external dependencies (e.g. libraries like Ruby gems) for known vulnerabilities on each code commit with GitLab CI/CD. This scan relies on open source tools and on the integration with Gemnasium technology (now part of GitLab) to show, in-line with every merge request, vulnerable dependencies needing updating. Results are collected and available as a single report.

Learn More →

License Compliance

Upon code commit, project dependencies are searched for approved and blacklisted licenses defined by custom policies per project. Software licenses being used are identified if they are not within policy. This scan relies on an open source tool, LicenseFinder and license analysis results are shown in-line for every merge request for immediate resolution.

Learn More →

Vulnerability Management

View, triage, trend, track, and resolve vulnerabilities detected in your applications.

Learn More →
Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license