Introduction

Welcome

Welcome to Simple Notes - GitLab DevSecOps Introduction. This project will help you understand how to shift security left: finding and fixing security flaws during development, more easily and with greater visibility and control than typical approaches can provide.

Getting Started

In order to get started, go through each of the lessons described within the workshop:

Lesson 1: Prerequisites
Lesson 2: Deploying the Demo Application
Lesson 3: Setting up and Configuring the Security Scanners and Policies
Lesson 4: Developer Workflow
Lesson 5: AppSec Workflow

Outcomes

  • How to achieve comprehensive security scanning without adding a bunch of new tools and processes
  • How to secure your cloud native applications and IaC environments within existing DevOps workflows
  • How to use a single-source-of-truth to improve collaboration between dev and sec
  • How to manage all of your software vulnerabilities in one place
  • How to automate and monitor your security policies and simplify auditing
  • How to detect unknown vulnerabilities and errors using fuzz-testing

Sections

| # | Title | Description |
|---|-------|-------------|
| 1 | Prerequisites | Requirements to get started with the project |
| 2 | Deploying the Demo Application | Learn how to deploy and expose the demo application |
| 3 | Setting up and Configuring the Security Scanners and Policies | Learn how to set up and configure the different types of security scans, including Security Policies |
| 4 | Developer Workflow | Learn how to view and take action on vulnerabilities within a Merge Request |
| 5 | AppSec Workflow | Learn how to triage vulnerabilities and collaborate with other members of a Security team |

Additional Resources

To learn about the project we are using you can see the following documentation: