Tutorials: Secure your application and check compliance
GitLab can check your application for security vulnerabilities and verify that it meets compliance requirements.
Learn security fundamentals
Start here to understand the security basics at GitLab.
| Topic | Description | Good for beginners |
|---|---|---|
| GitLab Security Essentials | Learn about the essential security capabilities of GitLab in this self-paced course. Estimated time: 6 hours. | |
Set up basic security detection
Create fundamental scans to identify vulnerabilities.
| Topic | Description | Good for beginners |
|---|---|---|
| Set up dependency scanning | Learn how to detect vulnerabilities in an application’s dependencies. Estimated time: 15-20 minutes. | |
| Set up dependency scanning using the SBOM method | Learn how to detect vulnerabilities in an application’s dependencies using the SBOM method. Estimated time: 15-20 minutes. | |
| Scan a Docker container for vulnerabilities | Learn how to use container scanning templates to add container scanning to your projects. Estimated time: 15-20 minutes. | |
| A comprehensive guide to GitLab DAST | Learn how to configure dynamic application security testing, perform scans, and implement security policies. Estimated time: 15-20 minutes. | |
Protect against secret exposure
Prevent sensitive data from being committed to your repository.
| Topic | Description | Good for beginners |
|---|---|---|
| Protect your project with secret push protection | Enable secret push protection in your project. Estimated time: 5-10 minutes. | |
| Detect secrets committed to a project | Learn how to detect and remediate secrets committed to your project’s repository. Estimated time: 15-20 minutes. | |
| Remove a secret from your commits | Learn how to remove a secret from your commit history. Estimated time: 15-20 minutes. | |
Implement security policies and governance
Enforce security requirements across your projects.
| Topic | Description | Good for beginners |
|---|---|---|
| Set up a scan execution policy | Learn how to create a scan execution policy to enforce security scanning of your project. Estimated time: 30-45 minutes. | |
| Set up a pipeline execution policy | Learn how to create a pipeline execution policy to enforce security scanning across projects as part of the pipeline. Estimated time: 30-45 minutes. | |
| Set up a merge request approval policy | Learn how to configure a merge request approval policy that takes action based on scan results. Estimated time: 30-45 minutes. | |
Establish compliance and reporting
Meet regulatory requirements and generate compliance documentation.
| Topic | Description | Good for beginners |
|---|---|---|
| Generate a software bill of materials with GitLab package registry | Learn how to generate an SBOM across all projects in a group. Estimated time: 1 hour. | |
| Export dependency list in SBOM format | Learn how to export an application’s dependencies to the CycloneDX SBOM format. Estimated time: 15-20 minutes. | |