Welcome #

Welcome to Simple Notes - GitLab DevSecOps Introduction. This Project will help you gain a better understanding of how to successfully shift security left to find and fix security flaws during development and do so more easily, with greater visibility and control than typical approaches can provide.

Getting Started #

In order to get started, go through each of the lessons described within the workshop:

This concludes the main portion of the tutorial. The rest of the tutorial is optional, but does go over useful features, such as branch protections, additional configurations and scheduling for the security scanners, gitops, and more…

Outcomes #

  • How to achieve comprehensive security scanning without adding a bunch of new tools and processes
  • How to secure your cloud native applications and IaC environments within existing DevOps workflows
  • How to use a single-source-of-truth to improve collaboration between dev and sec
  • How to manage all of your software vulnerabilities in one place
  • How to automate and monitor your security policies and simplify auditing
  • How to detect unknown vulnerabilities and errors using fuzz-testing
  • How to configure the security scanners and make them run on a schedule
  • How to enable separation of duties and adhere to compliance
  • How to perform GitOps and deploy to a Kubernetes cluster

Sections #

1DevSecOps OverviewGoes over the basics of DevSecOps and it’s benefits
2PrerequisitesRequirements to get started with the project
3Deploying the Demo ApplicationLearn how to deploy and expose the demo application
4Setting up and Configuring the Security Scanners and PoliciesLearn how to setup and configure the different types of security scans. This includes Security Policies as well
5Developer WorkflowLearn how to view and take action on vulnerabilities within a Merge Request
6AppSec WorkflowLearn how to triage vulnerabilities and collaborate with other members of a Security team
7Branch Protection and Additional Scanner ConfigurationShows how to configure branch protections rules, force scanners to run on a schedule, and additional scanner configurations
8Policy as Code with GitOpsLeverage GitOps to automate kubernetes deployments
9Looking ForwardWhat’s next with GitLab Security

Additional Resources #

To learn about the project we are using you can see the following documentation: