doc/tutorials/secure_application.md
GitLab can check your application for security vulnerabilities and that it meets compliance requirements.
Start here to understand the security basics at GitLab.
| Topic | Description | Good for beginners |
|---|---|---|
| GitLab Security Essentials | Learn about the essential security capabilities of GitLab in this self-paced course. Estimated time: 6 hours. | {{< icon name="star" >}} |
Create fundamental scans to identify vulnerabilities.
| Topic | Description | Good for beginners |
|---|---|---|
| Set up dependency scanning | Learn how to detect vulnerabilities in an application's dependencies. Estimated time: 15-20 minutes. | {{< icon name="star" >}} |
| Set up dependency scanning using the SBOM method | Learn how to detect vulnerabilities in an application's dependencies using the SBOM method. Estimated time: 15-20 minutes. | {{< icon name="star" >}} |
| Scan a Docker container for vulnerabilities | Learn how to use container scanning templates to add container scanning to your projects. Estimated time: 15-20 minutes. | {{< icon name="star" >}} |
| A comprehensive guide to GitLab DAST | Learn how to configure dynamic application security testing, perform scans, and implement security policies. Estimated time: 15-20 minutes. | {{< icon name="star" >}} |
Prevent sensitive data from being committed to your repository.
| Topic | Description | Good for beginners |
|---|---|---|
| Protect your project with secret push protection | Enable secret push protection in your project. Estimated time: 5-10 minutes. | {{< icon name="star" >}} |
| Detect secrets committed to a project | Learn how to detect and remediate secrets committed to your project's repository. Estimated time: 15-20 minutes. | {{< icon name="star" >}} |
| Remove a secret from your commits | Learn how to remove a secret from your commit history. Estimated time: 15-20 minutes. | {{< icon name="star" >}} |
Enforce security requirements across your projects.
| Topic | Description | Good for beginners |
|---|---|---|
| Set up a scan execution policy | Learn how to create a scan execution policy to enforce security scanning of your project. Estimated time: 30-45 minutes. | {{< icon name="star" >}} |
| Set up a pipeline execution policy | Learn how to create a pipeline execution policy to enforce security scanning across projects as part of the pipeline. Estimated time: 30-45 minutes. | {{< icon name="star" >}} |
| Set up a merge request approval policy | Learn how to configure a merge request approval policy that takes action based on scan results. Estimated time: 30-45 minutes. | {{< icon name="star" >}} |
Meet regulatory requirements and generate compliance documentation.
| Topic | Description | Good for beginners |
|---|---|---|
| Generate a software bill of materials with GitLab package registry | Learn how to generate an SBOM across all projects in a group. Estimated time: 1 hour. | {{< icon name="star" >}} |
| Export dependency list in SBOM format | Learn how to export an application's dependencies to the CycloneDX SBOM format. Estimated time: 15-20 minutes. | {{< icon name="star" >}} |