Tutorials: Secure your application and check compliance

GitLab can check your application for security vulnerabilities and that it meets compliance requirements.

Learn security fundamentals

Start here to understand the security basics at GitLab.

Topic	Description	Good for beginners
GitLab Security Essentials	Learn about the essential security capabilities of GitLab in this self-paced course.
Get started with GitLab application security	Follow recommended steps to set up security tools.

Create fundamental scans to identify vulnerabilities.

Topic	Description	Good for beginners
Set up dependency scanning	Learn how to detect vulnerabilities in an application’s dependencies.
Scan a Docker container for vulnerabilities	Learn how to use container scanning templates to add container scanning to your projects.

Prevent sensitive data from being committed to your repository.

Topic	Description	Good for beginners
Protect your project with secret push protection	Enable secret push protection in your project.
Remove a secret from your commits	Learn how to remove a secret from your commit history.

Enforce security requirements across your projects.

Topic	Description	Good for beginners
Set up a scan execution policy	Learn how to create a scan execution policy to enforce security scanning of your project.
Set up a pipeline execution policy	Learn how to create a pipeline execution policy to enforce security scanning across projects as part of the pipeline.
Set up a merge request approval policy	Learn how to configure a merge request approval policy that takes action based on scan results.

Meet regulatory requirements and generate compliance documentation.

Topic	Description	Good for beginners
Generate a software bill of materials with GitLab package registry	Learn how to generate an SBOM across all projects in a group.
Export Dependency List in SBOM format	Learn how to export an application’s dependencies to the CycloneDX SBOM format.