GitLab Security Essentials Training
This class covers all of the essential security capabilities of GitLab, including Static Application Security Testing, secret detection, Dynamic Application Security Testing, dependency scanning, container scanning, API security, and compliance. Since most of these features are only available for customers with an Ultimate license, this course is intended for Ultimate customers only.

What you will learn
- Shift security left and right
- Choose security scanners
- Leverage vulnerability management and vulnerability reports
- Use security best practices
- Solve problems with SAST
- Use best practices for implementing SAST scanners
- Solve problems with secret detection
- Use best practices for implementing secret detection scanners
- View vulnerabilities in merge requests, vulnerability reports, and pipeline reports
- Use best practices for triaging vulnerabilities
- Use AI to resolve vulnerabilities
- Solve problems with dependency scanning
- Use best practices for implementing dependency scanners
- Solve problems with IaC scanning
- Use best practices for implementing IaC scanners
- Solve problems with container scanning
- Use best practices for implementing container scanners
- Solve problems with API security
- Use best practices for implementing API security
- Solve problems with DAST
- Use best practices for implementing DAST scanners
- Solve problems with operational container scanning
- Use best practices for implementing operational container scanners
- Align with common compliance standards
- Identify and enforce compliance requirements
- Track security-related actions
- Gather audit events for processing
- Control what can be pushed to a repository
Prerequisites
- GitLab Fundamentals course or equivalent knowledge
- GitLab CI/CD course or equivalent knowledge
- Knowledge of Git, GitLab, or GitLab CI/CD
Target audience
- Project managers, developers, DevSecOps engineers, and security specialists who are using GitLab with the Ultimate license
Training Program
8 modules to master the fundamentals
Topics covered
- Shift security left and right
- Choose security scanners
- Leverage vulnerability management and vulnerability reports
- Use security best practices
Topics covered
- Solve problems with SAST
- Use best practices for implementing SAST scanners
- Solve problems with secret detection
- Use best practices for implementing secret detection scanners
Topics covered
- View vulnerabilities in merge requests, vulnerability reports, and pipeline reports
- Use best practices for triaging vulnerabilities
- Use AI to resolve vulnerabilities
Topics covered
- Solve problems with dependency scanning
- Use best practices for implementing dependency scanners
- Solve problems with IaC scanning
- Use best practices for implementing IaC scanners
Topics covered
- Solve problems with container scanning
- Use best practices for implementing container scanners
Topics covered
- Solve problems with API security
- Use best practices for implementing API security
- Solve problems with DAST
- Use best practices for implementing DAST scanners
Topics covered
- Solve problems with operational container scanning
- Use best practices for implementing operational container scanners
Topics covered
- Align with common compliance standards
- Identify and enforce compliance requirements
- Track security-related actions
- Gather audit events for processing
- Control what can be pushed to a repository
Quality Process
SFEIR Institute's commitment: an excellence approach to ensure the quality and success of all our training programs.
- Lectures / Theoretical Slides: Presentation of concepts using visual aids (PowerPoint, PDF).
- Technical Demonstration (Demos): The instructor performs a task or procedure while students observe.
- Guided Labs: Guided practical exercises on software, hardware, or technical environments.
The achievement of training objectives is evaluated at multiple levels to ensure quality:
- Continuous Knowledge Assessment: Verification of knowledge throughout the training via participatory methods (quizzes, practical exercises, case studies) under instructor supervision.
- Progress Measurement: Comparative self-assessment system including an initial diagnostic to determine the starting level, followed by a final evaluation to validate skills development.
- Quality Evaluation: End-of-session satisfaction questionnaire to measure the relevance and effectiveness of the training as perceived by participants.
Upcoming sessions
No date suits you?
We regularly organize new sessions. Contact us to find out about upcoming dates or to schedule a session at a date of your choice.
Register for a custom date
Train multiple employees
- Volume discounts (multiple seats)
- Private or custom session
- On-site or remote