 Hello and welcome. My name is Fernando and I'm a technical marketing manager here at GitLab. Today, I'm going to get started on showing you some of the newly released security features of GitLab 15.2. The first new feature we can see is enforcing IP address restrictions for Git over SSH. We're able to limit access to request from a trusted set of IP addresses in order to improve security. In the past, only the API and UI, in the past, you can block SSH access entirely. But now you can have SSH adhere to this restriction and grant access only to requests coming from IP addresses within your list. Now let's take a look at how to do this. Within our group, we go to settings and general, and then we scroll down to the permissions and group features and expand the tab. If we continue to scroll down, we can see restrict access by IP address, and here we can add the IP addresses which will have access. Then if we keep scrolling down, we can enable it for either only HTTPS or only SSH or both. The next feature I'd like to go over is that we can now perform scan execution policies at the group and subgroup level. This will allow us to force scans to run no matter what the GitLab CI pipeline contains, and when set at the group or subgroup level, it will flow down and apply to all child projects. Now let's go ahead and set this up. Here in my project, I'm going to go to my GitLab CI YAML file, and we can see that there's only the build stage. Let's take a look at the pipeline, and we can see that all we're doing is running the build job within the build stage. Going to the subgroup which houses this project, I can go and go to my security and compliance tab, and click on policies. Here within the policy UI, I'm going to go ahead and create a new policy. I'll go ahead and provide it with a name, a description. I'll set the scanner type to SAST, and then focus on the main branch. Then I'll go ahead and configure it with a merger quest. You can see that a new project was created for the security policy within our subgroup. I'm going to go ahead and just merge this, and now we can go back to our subgroup. We can see the new security policy project here, and then let's go down and go to our workshop notes app, where we initially just saw the build job, and let's go to CI CD and pipelines so we can run a new pipeline. Now I'm going to go ahead and rerun the main pipeline, and we can see that the build job is running along with SAST, which is part of our scan policies. The next feature I wanted to go over is that we've added new audit events. There are now audit events for group level merger quest settings, as well as when two factor authentication is disabled. Governance and visibility over these changes will help you strengthen separation of duties and further simplify audits. Now let's see this in action. Within my group, I'm going to go to settings and general, and I'm going to go scroll down to merger quest approvals. And I'm going to go ahead and change some of the approval settings for merger quest approvals. So I'm going to check different boxes to prevent approval by author and more, and I'll save these changes. And now when I go back to security and compliance and audit events, you can see that these changes were logged within my audit events. Next, there's faster secret detection. We now use a new technique that cuts scan times by skipping expensive operations when they can't possibly match. The analyzer now first scans for exact strings before running full matching rules. This could scan time by 50 to 75% in medium size repositories. And last, as always, we continuously enhanced the different security scanners by optimizing, updating, and maintaining them within our infrastructure. Here's some of the newest updates made to our static analysis scanners. Thanks for watching, and I hope you enjoyed. For more information on all these new updates, be sure to see the links in the description. And if you enjoyed, please be sure to hit that subscribe button. Thanks again.