GitLab Secure Experience Guide: SAST, DAST, SCA, etc.

Here’s a comprehensive, hands-on tutorial to help you explore and experience all the features listed under the Secure section of GitLab using a sample project.


๐Ÿ” Full GitLab Secure Experience Guide (GitLab SaaS – Free or Ultimate Tier)

🧪 Sections Covered:

  1. Security Dashboard
  2. Vulnerability Report
  3. Dependency List
  4. Audit Events
  5. Compliance Center
  6. Policies
  7. On-Demand Scans
  8. Security Configuration

📦 Sample Repo:

gitlab-examples/security-reports

https://gitlab.com/gitlab-examples/security

✅ You’ll fork this repo and run its security pipelines to explore all Secure features.


๐Ÿ› ๏ธ Prerequisites

  • GitLab account (preferably Ultimate tier for all features)
  • Fork access to gitlab-examples/security-reports
  • CI/CD runners enabled (shared runners on GitLab.com are fine)
  • Enable container registry (if testing container scanning)

✅ Step-by-Step Walkthrough

๐Ÿ” STEP 1: Fork the Repo

  1. Visit gitlab-examples/security-reports
  2. Click Fork
  3. Choose your namespace or group

โš™๏ธ STEP 2: Enable Security Features

  1. Go to Secure → Security Configuration
  2. Enable each of the following (GitLab creates .gitlab-ci.yml snippets for you):
    • ✅ SAST
    • ✅ Dependency Scanning
    • ✅ Secret Detection
    • ✅ DAST (needs a deployed URL)
    • ✅ Container Scanning (requires a Docker image build)
    • ✅ License Compliance
    • ✅ Coverage Fuzzing
    • ✅ API Fuzzing

💡 Tip: Ensure CI/CD → General pipeline settings → Auto DevOps is disabled (to avoid conflicts with .gitlab-ci.yml).


โ–ถ๏ธ STEP 3: Trigger the Pipeline

  1. Push a commit or go to CI/CD > Pipelines and click Run pipeline
  2. Wait for the full security pipeline to complete
  3. Each tool (SAST, DAST, etc.) uploads a report artifact that GitLab reads to populate the Secure dashboards

🛡️ STEP 4: Explore Secure Menu Options


✅ 1. Security Dashboard

  • Navigate: Secure > Security Dashboard
  • See:
    • Open vulnerabilities by severity
    • Merge requests with unresolved issues
    • Projects under your namespace grouped by security posture

✅ 2. Vulnerability Report

  • Navigate: Secure > Vulnerability Report
  • View all findings from your pipeline:
    • SAST, DAST, Container, Dependency scans
  • Use filters to sort by:
    • Severity
    • Scanner type
    • Status (detected, dismissed, resolved)

✅ 3. Dependency List

  • Navigate: Secure > Dependency List
  • Shows a full tree of project dependencies (pulled from your package.json, pom.xml, etc.)
  • Any library with known vulnerabilities is flagged

✅ 4. Audit Events

  • Navigate: Secure > Audit Events
  • Shows:
    • Group/project-level permission changes
    • Settings changes
    • Login attempts, pipeline trigger activity
  • Enterprise feature (requires Ultimate Tier)

✅ 5. Compliance Center

  • Navigate: Secure > Compliance Center
  • Create compliance pipelines (separate from project pipelines)
  • Enforce MR approval rules
  • View audit compliance reports
  • Monitor adherence to internal policies

✅ 6. Policies

  • Navigate: Secure > Policies
  • Types of policies:
    • Scan Execution Policies (e.g., always run secret detection)
    • Scan Result Policies (e.g., block the merge if a high-severity vulnerability is found)
  • Click “New Policy”
  • Use the GUI to define:
    • Trigger condition
    • Actions (e.g., require approval, block the MR)

✅ 7. On-Demand Scans

  • Navigate: Secure > On-Demand Scans
  • Great for ad hoc DAST/API scans
  • Choose:
    • Target site URL (for DAST)
    • OpenAPI spec (for API fuzzing)
  • No CI/CD pipeline required

✅ 8. Security Configuration

  • Navigate: Secure > Security Configuration
  • All tools toggled here
  • Edit variables, scan schedules, timeouts
  • Links to pipelines that used each security tool

🔄 OPTIONAL: Enable Advanced Features

  1. Enable License Compliance
  2. Build & scan Docker images โ†’ View Container Scanning results
  3. Add intentionally vulnerable code/libraries to test deeper scanning

📊 STEP 5: Automate Reporting (Optional)

You can set up email reports or export results via API:
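As an added example (not part of the original guide), the Python script below pulls a pipeline's security report artifact through the GitLab Jobs API and tallies the findings by severity, which is the building block for an exported summary or a fail-the-build gate. The GitLab URL, numeric project id, branch name, job name and personal access token (read_api scope) are placeholders you supply; the embedded sample report is constructed to match the shape of gl-sast-report.json so the summary runs offline.

```python
"""Fetch a GitLab security report artifact and summarize it by severity."""
import json
import urllib.request
from collections import Counter

# Constructed sample in the shape of gl-sast-report.json (only the keys used here)
SAMPLE_REPORT = json.dumps({
    "version": "15.0.0",
    "vulnerabilities": [
        {"id": "a1", "name": "SQL injection", "severity": "Critical",
         "location": {"file": "app/db.py", "start_line": 42}},
        {"id": "b2", "name": "Hard-coded credential", "severity": "High",
         "location": {"file": "config.py", "start_line": 3}},
        {"id": "c3", "name": "Insecure temp file", "severity": "Low",
         "location": {"file": "util.py", "start_line": 10}},
    ],
})


def fetch_report(base_url, project_id, ref, job, artifact, token):
    """Download one report artifact from the latest successful pipeline on `ref`.

    Uses GET /projects/:id/jobs/artifacts/:ref_name/raw/:artifact_path?job=:job
    with a personal access token (read_api scope) in the PRIVATE-TOKEN header.
    All arguments are placeholders the caller supplies.
    """
    url = (f"{base_url}/api/v4/projects/{project_id}/jobs/artifacts/"
           f"{ref}/raw/{artifact}?job={job}")
    req = urllib.request.Request(url, headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def summarize(report_json, fail_on=("Critical", "High")):
    """Return (findings per severity, list of findings at a blocking severity)."""
    report = json.loads(report_json)
    findings = report.get("vulnerabilities", [])
    counts = Counter(v.get("severity", "Unknown") for v in findings)
    blocking = [v for v in findings if v.get("severity") in fail_on]
    return dict(counts), blocking


if __name__ == "__main__":
    # Live use (placeholders): fetch_report("https://gitlab.com", 12345, "main",
    #     "semgrep-sast", "gl-sast-report.json", TOKEN) in place of SAMPLE_REPORT
    counts, blocking = summarize(SAMPLE_REPORT)
    print("findings by severity:", counts)
    for v in blocking:
        loc = v["location"]
        print(f"{v['severity']}: {v['name']} at {loc['file']}:{loc['start_line']}")
```

Run it from a scheduled pipeline job or a cron host and exit non-zero when `blocking` is non-empty to turn the summary into a gate.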


📚 Learning Summary

By the end of this guide, you’ve:

✔️ Enabled the full suite of GitLab Secure features
✔️ Explored each report and dashboard
✔️ Configured On-Demand Scans and Policies
✔️ Seen real security results and recommendations

