Turn Your Vehicle Into a Smart Earning Asset

While you’re not driving your car or bike, it can still be working for you. MOTOSHARE helps you earn passive income by connecting your vehicle with trusted renters in your city.

🚗 You set the rental price
🔐 Secure bookings with verified renters
📍 Track your vehicle with GPS integration
💰 Start earning within 48 hours

Join as a Partner Today

It’s simple, safe, and rewarding. Your vehicle. Your rules. Your earnings.

Uncategorised

GitLab Secure Experience Guide SAST, DAST, SCA etc

May 28, 2025 Leave a Comment

Here’s a comprehensive, hands-on tutorial to help you explore and experience all the features listed under the Secure section of GitLab using a sample project.

🔐 Full GitLab Secure Experience Guide (GitLab SaaS – Free or Ultimate Tier)

🧪 Sections Covered:

  1. Security Dashboard
  2. Vulnerability Report
  3. Dependency List
  4. Audit Events
  5. Compliance Center
  6. Policies
  7. On-Demand Scans
  8. Security Configuration

📦 Sample Repo:

gitlab-examples/security-reports

https://gitlab.com/gitlab-examples/security

✅ You’ll fork and run security pipelines on this to explore all Secure features.

🛠️ Prerequisites

  • GitLab account (preferably Ultimate tier for all features)
  • Fork access to gitlab-examples/security-reports
  • CI/CD runners enabled (shared runners on GitLab.com are fine)
  • Enable container registry (if testing container scanning)

✅ Step-by-Step Walkthrough

🔁 STEP 1: Fork the Repo

  1. Visit gitlab-examples/security-reports
  2. Click Fork
  3. Choose your namespace or group

⚙️ STEP 2: Enable Security Features

  1. Go to Secure → Security Configuration
  2. Enable each of the following (GitLab creates .gitlab-ci.yml snippets for you):
    • ✅ SAST
    • ✅ Dependency Scanning
    • ✅ Secret Detection
    • ✅ DAST (Needs a deployed URL)
    • ✅ Container Scanning (Requires Docker image build)
    • ✅ License Compliance
    • ✅ Coverage Fuzzing
    • ✅ API Fuzzing

💡 Tip: Ensure CI/CDGeneral pipeline settingsAuto DevOps is disabled (to avoid conflicts with .gitlab-ci.yml).

▶️ STEP 3: Trigger the Pipeline

  1. Push a commit or go to CI/CD > Pipelines and click Run pipeline
  2. Wait for the full security pipeline to complete
  3. Each tool (SAST, DAST, etc.) generates artifacts GitLab uses in Secure dashboards

🛡️ STEP 4: Explore Secure Menu Options

✅ 1. Security Dashboard

  • Navigate: Secure > Security Dashboard
  • See:
    • Open vulnerabilities by severity
    • Merge requests with unresolved issues
    • Projects under your namespace grouped by security posture

✅ 2. Vulnerability Report

  • Navigate: Secure > Vulnerability Report
  • View all findings from your pipeline:
    • SAST, DAST, Container, Dependency scans
  • Use filters to sort by:
    • Severity
    • Scanner type
    • Status (detected, dismissed, resolved)

✅ 3. Dependency List

  • Navigate: Secure > Dependency List
  • Shows a full tree of project dependencies (pulled from your package.json, pom.xml, etc.)
  • Any library with known vulnerabilities is flagged

✅ 4. Audit Events

  • Navigate: Secure > Audit Events
  • Shows:
    • Group/project-level permission changes
    • Settings changes
    • Login attempts, pipeline trigger activity
  • Enterprise feature (requires Ultimate Tier)

✅ 5. Compliance Center

  • Navigate: Secure > Compliance Center
  • Create compliance pipelines (separate from project pipelines)
  • Enforce MR approval rules
  • View audit compliance reports
  • Monitor adherence to internal policies

✅ 6. Policies

  • Navigate: Secure > Policies
  • Types of policies:
    • Scan Execution Policies (e.g., always run secret detection)
    • Scan Result Policies (e.g., block merge if high vulnerability)
  • Click “New Policy”
  • Use GUI to define:
    • Trigger condition
    • Actions (e.g., approve requirement, MR block)

✅ 7. On-Demand Scans

  • Navigate: Secure > On-Demand Scans
  • Great for ad hoc DAST/API scans
  • Choose:
    • Target site URL (for DAST)
    • OpenAPI spec (for API fuzzing)
  • No CI/CD pipeline required

✅ 8. Security Configuration

  • Navigate: Secure > Security Configuration
  • All tools toggled here
  • Edit variables, scan schedules, timeouts
  • Links to pipelines that used each security tool

🔄 OPTIONAL: Enable Advanced Features

  1. Enable License Compliance
  2. Build & scan Docker images → View Container Scanning results
  3. Add intentionally vulnerable code/libraries to test deeper scanning

📊 STEP 5: Automate Reporting (Optional)

You can set up email reports or export results via API:

📚 Learning Summary

By the end of this guide, you’ve:

✔️ Enabled full suite of GitLab Secure features
✔️ Explored each report and dashboard
✔️ Configured On-Demand scans and Policies
✔️ Seen real security results and recommendations

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification, SRE Certification, and DevSecOps Certification by DevOpsSchool

Explore our DevOps Certification, SRE Certification, and DevSecOps Certification programs at DevOpsSchool. Gain the expertise needed to excel in your career with hands-on training and globally recognized certifications.

0
Would love your thoughts, please comment.x
()
x