Turn Your Vehicle Into a Smart Earning Asset

While youā€™re not driving your car or bike, it can still be working for you. MOTOSHARE helps you earn passive income by connecting your vehicle with trusted renters in your city.

šŸš— You set the rental price
šŸ” Secure bookings with verified renters
šŸ“ Track your vehicle with GPS integration
šŸ’° Start earning within 48 hours

Join as a Partner Today

Itā€™s simple, safe, and rewarding. Your vehicle. Your rules. Your earnings.

Uncategorised

GitLab Secure Experience Guide SAST, DAST, SCA etc

May 28, 2025 Leave a Comment

Here’s a comprehensive, hands-on tutorial to help you explore and experience all the features listed under the Secure section of GitLab using a sample project.

šŸ” Full GitLab Secure Experience Guide (GitLab SaaS – Free or Ultimate Tier)

šŸ§Ŗ Sections Covered:

  1. Security Dashboard
  2. Vulnerability Report
  3. Dependency List
  4. Audit Events
  5. Compliance Center
  6. Policies
  7. On-Demand Scans
  8. Security Configuration

šŸ“¦ Sample Repo:

gitlab-examples/security-reports

https://gitlab.com/gitlab-examples/security

āœ… Youā€™ll fork and run security pipelines on this to explore all Secure features.

šŸ› ļø Prerequisites

  • GitLab account (preferably Ultimate tier for all features)
  • Fork access to gitlab-examples/security-reports
  • CI/CD runners enabled (shared runners on GitLab.com are fine)
  • Enable container registry (if testing container scanning)

āœ… Step-by-Step Walkthrough

šŸ” STEP 1: Fork the Repo

  1. Visit gitlab-examples/security-reports
  2. Click Fork
  3. Choose your namespace or group

āš™ļø STEP 2: Enable Security Features

  1. Go to Secure ā†’ Security Configuration
  2. Enable each of the following (GitLab creates .gitlab-ci.yml snippets for you):
    • āœ… SAST
    • āœ… Dependency Scanning
    • āœ… Secret Detection
    • āœ… DAST (Needs a deployed URL)
    • āœ… Container Scanning (Requires Docker image build)
    • āœ… License Compliance
    • āœ… Coverage Fuzzing
    • āœ… API Fuzzing

šŸ’” Tip: Ensure CI/CD ā†’ General pipeline settings ā†’ Auto DevOps is disabled (to avoid conflicts with .gitlab-ci.yml).

ā–¶ļø STEP 3: Trigger the Pipeline

  1. Push a commit or go to CI/CD > Pipelines and click Run pipeline
  2. Wait for the full security pipeline to complete
  3. Each tool (SAST, DAST, etc.) generates artifacts GitLab uses in Secure dashboards

šŸ›”ļø STEP 4: Explore Secure Menu Options

āœ… 1. Security Dashboard

  • Navigate: Secure > Security Dashboard
  • See:
    • Open vulnerabilities by severity
    • Merge requests with unresolved issues
    • Projects under your namespace grouped by security posture

āœ… 2. Vulnerability Report

  • Navigate: Secure > Vulnerability Report
  • View all findings from your pipeline:
    • SAST, DAST, Container, Dependency scans
  • Use filters to sort by:
    • Severity
    • Scanner type
    • Status (detected, dismissed, resolved)

āœ… 3. Dependency List

  • Navigate: Secure > Dependency List
  • Shows a full tree of project dependencies (pulled from your package.json, pom.xml, etc.)
  • Any library with known vulnerabilities is flagged

āœ… 4. Audit Events

  • Navigate: Secure > Audit Events
  • Shows:
    • Group/project-level permission changes
    • Settings changes
    • Login attempts, pipeline trigger activity
  • Enterprise feature (requires Ultimate Tier)

āœ… 5. Compliance Center

  • Navigate: Secure > Compliance Center
  • Create compliance pipelines (separate from project pipelines)
  • Enforce MR approval rules
  • View audit compliance reports
  • Monitor adherence to internal policies

āœ… 6. Policies

  • Navigate: Secure > Policies
  • Types of policies:
    • Scan Execution Policies (e.g., always run secret detection)
    • Scan Result Policies (e.g., block merge if high vulnerability)
  • Click ā€œNew Policyā€
  • Use GUI to define:
    • Trigger condition
    • Actions (e.g., approve requirement, MR block)

āœ… 7. On-Demand Scans

  • Navigate: Secure > On-Demand Scans
  • Great for ad hoc DAST/API scans
  • Choose:
    • Target site URL (for DAST)
    • OpenAPI spec (for API fuzzing)
  • No CI/CD pipeline required

āœ… 8. Security Configuration

  • Navigate: Secure > Security Configuration
  • All tools toggled here
  • Edit variables, scan schedules, timeouts
  • Links to pipelines that used each security tool

šŸ”„ OPTIONAL: Enable Advanced Features

  1. Enable License Compliance
  2. Build & scan Docker images ā†’ View Container Scanning results
  3. Add intentionally vulnerable code/libraries to test deeper scanning

šŸ“Š STEP 5: Automate Reporting (Optional)

You can set up email reports or export results via API:

šŸ“š Learning Summary

By the end of this guide, youā€™ve:

āœ”ļø Enabled full suite of GitLab Secure features
āœ”ļø Explored each report and dashboard
āœ”ļø Configured On-Demand scans and Policies
āœ”ļø Seen real security results and recommendations

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification, SRE Certification, and DevSecOps Certification by DevOpsSchool

Explore our DevOps Certification, SRE Certification, and DevSecOps Certification programs at DevOpsSchool. Gain the expertise needed to excel in your career with hands-on training and globally recognized certifications.

0
Would love your thoughts, please comment.x
()
x