GITLABOFF_SECESSENTIALS
GitLab Security Essentials Training
This class covers all of the essential security capabilities of GitLab, including Static Application Security Testing, secret detection, Dynamic Application Security Testing, dependency scanning, container scanning, API security, and compliance. Since most of these features are only available for customers with an Ultimate license, this course is intended for Ultimate customers only.
What you will learn
- Shift security left and right
- Choose security scanners
- Leverage vulnerability management and vulnerability reports
- Use security best practices
- Solve problems with SAST
- Use best practices for implementing SAST scanners
- Solve problems with secret detection
- Use best practices for implementing secret detection scanners
- View vulnerabilities in merge requests, vulnerability reports, and pipeline reports
- Use best practices for triaging vulnerabilities
- Use AI to resolve vulnerabilities
- Solve problems with dependency scanning
- Use best practices for implementing dependency scanners
- Solve problems with IaC scanning
- Use best practices for implementing IaC scanners
- Solve problems with container scanning
- Use best practices for implementing container scanners
- Solve problems with API security
- Use best practices for implementing API security
- Solve problems with DAST
- Use best practices for implementing DAST scanners
- Solve problems with operational container scanning
- Use best practices for implementing operational container scanners
- Align with common compliance standards
- Identify and enforce compliance requirements
- Track security-related actions
- Gather audit events for processing
- Control what can be pushed to a repository
Prerequisites
- GitLab Fundamentals course or equivalent knowledge
- GitLab CI/CD course or equivalent knowledge
- Knowledge of Git, GitLab, or GitLab CI/CD
Target audience
- Project managers, developers, DevSecOps engineers, and security specialists who are using GitLab with the Ultimate license
Training Program
8 modules to master the fundamentals
Topics covered
- →Shift security left and right
- →Choose security scanners
- →Leverage vulnerability management and vulnerability reports
- →Use security best practices
Topics covered
- →Solve problems with SAST
- →Use best practices for implementing SAST scanners
- →Solve problems with secret detection
- →Use best practices for implementing secret detection scanners
Topics covered
- →View vulnerabilities in merge requests, vulnerability reports, and pipeline reports
- →Use best practices for triaging vulnerabilities
- →Use AI to resolve vulnerabilities
Topics covered
- →Solve problems with dependency scanning
- →Use best practices for implementing dependency scanners
- →Solve problems with IaC scanning
- →Use best practices for implementing IaC scanners
Topics covered
- →Solve problems with container scanning
- →Use best practices for implementing container scanners
Topics covered
- →Solve problems with API security
- →Use best practices for implementing API security
- →Solve problems with DAST
- →Use best practices for implementing DAST scanners
Topics covered
- →Solve problems with operational container scanning
- →Use best practices for implementing operational container scanners
Topics covered
- →Align with common compliance standards
- →Identify and enforce compliance requirements
- →Track security-related actions
- →Gather audit events for processing
- →Control what can be pushed to a repository
Quality Process
SFEIR Institute's commitment: an excellence approach to ensure the quality and success of all our training programs. Learn more about our quality approach
Teaching Methods Used
- Lectures / Theoretical Slides — Presentation of concepts using visual aids (PowerPoint, PDF).
- Technical Demonstration (Demos) — The instructor performs a task or procedure while students observe.
- Guided Labs — Guided practical exercises on software, hardware, or technical environments.
Evaluation and Monitoring System
The achievement of training objectives is evaluated at multiple levels to ensure quality:
- Continuous Knowledge Assessment : Verification of knowledge throughout the training via participatory methods (quizzes, practical exercises, case studies) under instructor supervision.
- Progress Measurement : Comparative self-assessment system including an initial diagnostic to determine the starting level, followed by a final evaluation to validate skills development.
- Quality Evaluation : End-of-session satisfaction questionnaire to measure the relevance and effectiveness of the training as perceived by participants.
Upcoming sessions
No date suits you?
We regularly organize new sessions. Contact us to find out about upcoming dates or to schedule a session at a date of your choice.
Register for a custom dateTrain multiple employees
- Volume discounts (multiple seats)
- Private or custom session
- On-site or remote