Secure your application

GitLab can check your applications for security vulnerabilities.

     
Getting started
Overview of how features fit together.
Application security
Scanning, vulnerabilities, compliance, customization, reporting.
Security configuration
Configuration, testing, compliance, scanning, enablement.
Container Scanning
Image vulnerability scanning, configuration, customization, reporting.
Dependency Scanning
Vulnerabilities, remediation, configuration, analyzers, reports.
Comparison
Dependency Scanning compared to Container Scanning.
Dependency List
vulnerabilities, licenses, filtering, exporting.
Continuous Vulnerability Scanning
Scanning, dependencies, advisories, background jobs.
Static Application Security Testing
Scanning, configuration, analyzers, vulnerabilities, reporting, customization, integration.
Infrastructure as Code (IaC) Scanning
Vulnerability detection, configuration analysis, pipeline integration.
Secret detection
Detection, prevention, monitoring, storage, revocation, reporting.
Dynamic Application Security Testing (DAST)
Automated penetration testing, vulnerability detection, web application scanning, security assessment, CI/CD integration.
API Security
Protection, analysis, testing, scanning, discovery.
Web API Fuzz Testing
Testing, security, vulnerabilities, automation, errors.
Coverage-guided fuzz testing
Coverage-guided fuzzing, random inputs, unexpected behavior.
Security Dashboard
Security dashboards, vulnerability trends, project ratings, metrics.
Offline environments
Offline security scanning, resolving vulnerabilities.
Vulnerability Report
Filtering, grouping, exporting, manual addition.
Vulnerability Page
Vulnerability details, status, resolution, linking issues.
Vulnerability severity levels
Classification, impact, prioritization, risk assessment.
GitLab Advisory Database
Security advisories, vulnerabilities, dependencies, database, updates.
CVE ID requests
Vulnerability tracking, security disclosure.
Policies
Security policies, enforcement, compliance, approvals, scans.
Security scanner integration
Reporting, vulnerabilities, remediations, tracking.