Hey there, my name is Fernando and I'm a technical marketing manager here at GitLab, and today I'm gonna go over some of the new security features released in GitLab 15.10, and then we're gonna go ahead and do some lifting. Let's go!

Today we will be covering the features displayed here. If you want to skip to a particular feature, see the video chapters within the description.

The first feature we will discuss is that GitLab now automatically resolves SAST findings whenever rules are disabled. In GitLab we can define a ruleset.toml and disable particular security vulnerability rules within that file. When a rule is disabled and the security scanner has completed on the main branch, when viewing the vulnerability report you will see the vulnerabilities of the disabled rules automatically resolved. In the past they were marked as "no longer detected" and you had to take action on them.

Now let's see this in action. In my .gitlab folder I have my SAST ruleset.toml that I use to configure my SAST scanners. Here I am disabling a rule which has a type of semgrep_id and a value of bandit.B608. Note that my pipeline has already run with this configuration. When I go to my vulnerability report I can sort by resolved, and here we can see that the status of these particular vulnerabilities with the bandit identifier has been resolved. Note that the action was taken by the GitLab security bot. If I scroll to the bottom I can see that the security bot resolved it because it was disabled. This makes rule management and triage much easier for the security team.

The next feature we will cover is the compliance framework report. This report was added so you can see at a glance which compliance frameworks have been applied to which projects in your group. Now let's see what that report looks like. Within my top-level group I go to Security & Compliance and click on Compliance report. The first section shows violations to compliance, which shows things like less than two approvers, approved by committer, approved by author, and other violations to my merge request approval rules. If I click on Frameworks here I can see all the different projects, as well as the compliance framework applied, if any. I can go ahead and click on several different projects and then choose a bulk action such as applying a framework to the selected projects. Then I select the appropriate framework, I hit apply, and bam, now these projects have the SOC compliance framework.

Next on the list is that you can now enforce infrastructure as code scanning using scan execution policies. This allows project maintainers to force scans to run regardless of what the GitLab CI file looks like. This enables separation of duties and makes sure that security scanners are not disabled just so code can be merged.

Now let's see it in action. I'm going to navigate to our .gitlab-ci.yml, and here under include we can see that there is no infrastructure as code scanning enabled. To verify, we'll go to the pipeline, and here we can see that there was no infrastructure as code job run. Now let's proceed to creating a scan execution policy. We can go to the Security & Compliance tab and click on Policies. Within the policy management UI let's create a new policy. We are going to select scan execution policy. Now let's define our scan execution policy. We're going to provide it with a name and a detailed description. Note this field is optional but is important for record keeping. Then we'll make sure that the policy is set to enabled, and then we'll go ahead and create a condition. "A pipeline is run" for the "*" branches means that if any pipeline is run on any branch, we take the appropriate action, which we will define now. Our action states "then require a ..." and I'm going to select a SAST infrastructure as code scan, on a runner that has a specific tag or is selected automatically. Now I'll go ahead and configure this with a merge request; that way I can add this policy to my policy management project. Then I'll go ahead and quickly merge this policy. Then let's go back to our project and rerun the pipeline, and here we can see the infrastructure as code scanner running via policies.

And last but not least, with every update to GitLab we have updates to the different security scanners. Here you can see some updates to dependency scanning, such as new support for the DS_MAX_DEPTH variable that allows users to scan their entire repository for lock files. There is now self-managed support for the new license compliance scanner, which includes instances running in an offline environment, and updates to the static analysis analyzers, which you can learn more about with the links in the description.

Let's do this, let's do this, DevSecOps, DevSecOps, one platform, go!

Thanks for watching and I hope you enjoyed. For more information on GitLab and security features, see the links in the description, and be sure to hit that subscribe button.
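As an added example that is not part of the video, this is what a `.gitlab/sast-ruleset.toml` that disables the rule mentioned above looks like. The identifier type `semgrep_id` and the value `bandit.B608` come from the transcript; the file path and the second, commented-out entry are assumptions for illustration.

```toml
# Assumed location: .gitlab/sast-ruleset.toml (added example, not the video's own file)
# Each [[semgrep.ruleset]] entry targets one rule of the semgrep analyzer.
# Findings for a disabled rule are auto-resolved by the GitLab security bot on the
# next default-branch scan instead of being left as "no longer detected".
[semgrep]
  [[semgrep.ruleset]]
    disable = true
    [semgrep.ruleset.identifier]
      type = "semgrep_id"
      value = "bandit.B608"   # SQL string-building check flagged by the Bandit rule pack

  # Hypothetical second entry showing the same shape for another rule id;
  # the value is a placeholder and should be replaced with a real identifier.
  # [[semgrep.ruleset]]
  #   disable = true
  #   [semgrep.ruleset.identifier]
  #     type = "semgrep_id"
  #     value = "<ANOTHER_RULE_ID>"
```

Disabling a rule is a triage decision, not a fix: a practitioner would record why the rule was disabled (for example in a commit message or the merge request that introduces the change) so that the auto-resolved findings remain explainable to an auditor.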
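As an added example that is not part of the video, this is the policy that the policy editor UI described above produces when it is saved to the policy management project. The rule and action mirror the transcript (any pipeline on any branch, require a SAST IaC scan on an automatically selected runner); the policy name, description and file path are assumptions for illustration.

```yaml
# Assumed location in the policy management project:
# .gitlab/security-policies/policy.yml (added example, not the video's own file)
scan_execution_policy:
  - name: Enforce IaC scanning            # assumed name
    description: >-                        # assumed description; optional but useful for audit trails
      Require infrastructure-as-code scanning on every pipeline on every branch,
      independent of what the project's .gitlab-ci.yml includes.
    enabled: true
    rules:
      # "A pipeline is run" for the "*" branches: trigger on any pipeline, any branch
      - type: pipeline
        branches:
          - '*'
    actions:
      # Inject the SAST IaC scan job; no tags given, so the runner is selected automatically
      - scan: sast_iac
```

Because the scan is injected by the policy rather than by the project's own CI file, removing the `include:` for the scanner from `.gitlab-ci.yml` no longer removes the job, which is the separation of duties the video is pointing at: developers own the pipeline, security owns the policy project.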