Hello, my name's Fernando and I'm a technical marketing manager here at GitLab, and today I'm going to go over the newly released security features in GitLab 15.

First, we can see that container scanning is now available in all tiers of GitLab. This helps developers find known security vulnerabilities and dependencies within the container images. In the past, this feature was only available in GitLab Ultimate, but it is now seen in the Free and Premium versions as well. Once container scanning has been added to a pipeline, we can simply click on a completed pipeline, then we can go to our stage where container scanning is defined and click on our container scanning job. This will show us all the vulnerabilities found within our container images. We can also download a JSON of the results. By looking at the container scanning documentation provided within the links in the description, you can see the capabilities available in Free versus those available within our Ultimate tier.

The next feature I'd like to go over is the audit changes to the group IP allow list. Many changes performed to the group IP allow list now generate audit events. This allows us to see who changed the group IP allow list as well as when. Now let's go ahead and change the group IP allow list. I go to settings and general, and from there I can scroll down to permission and group features. I'll go ahead and expand this section, and I can scroll down and I can see allow access to the following IP addresses. I'm going to go ahead and add a random IP address. Then I'm going to scroll down and save these changes. Now I'll go check out my audit events. This can be done by going to the security and compliance tab and clicking on audit events. And here we see an audit event of me adding an IP address.

Audit events are also logged for merge settings. This includes merge method, options, checks, suggestions and much more. I'm going to go ahead and change the merge request settings.
I can do this by going to settings and clicking on general. Then I'll go to merge request approvals and expand the tab, and I'm going to go ahead and change the eligible approvers to two as well as enable the coverage check. And I will add an approver, Sam White, and then I'm going to go ahead and add this approval rule. Then we also prevent approval from author and prevent approval from users who add commits. And let's save these changes. Now when going to the security and compliance tab and clicking on audit events, we can see a bunch of different audit events that have been logged for different merge request settings changes. This helps us audit the system and prevent noncompliance.

Scan result policies are now listed under MR approval settings. This makes it easy to view in one location all merge request approval rules that apply to the project. We can see this in action by going to our project settings and clicking on general. Let's go ahead and expand the merge request approvals section. And as we scroll down, we can see security approvals, and from here we can view details, edit policies, as well as create new security policies.

You are now able to upload project-level secure files. You can upload binary files to projects in GitLab and include those files in CI/CD jobs to be used in the build and release processes as needed. They are stored outside of version control and are not part of the project repository. To add a secure file, go to settings and click on CI/CD. From here you can scroll down to secure files and click on manage. And here you'll be able to upload different files. We can see in the secure file documentation located in the description how to use the secure files within our CI/CD job.

Another new feature is dependency path information. Dependency scanning can now identify the shortest dependency path for findings identified in your project.
This makes it easier for users to triage the finding and to determine the steps to resolve the vulnerability. One way to see the dependency path info is using the dependency list. Here the location column provides us with the shortest dependency path. Dependency info can also be seen within a merge request before the code is actually merged into our main branch. When going to our security scanning, we go down to dependency scanning and click on a vulnerability. And here we can see evidence with the vulnerable package, which makes it easier to find the resolution.

And now I'll go over some of our scanner updates. With each new GitLab version, we make sure to maintain and update all of our different scanners. First, Semgrep-based SAST scanning is available for early adoption. It allows for a significantly faster analysis, reduced usage of CI minutes, and more customizable scanning rules compared to the different language-specific analyzers. To learn more about this, please see the links in the description.

Next, we have updates to Secure and Protect analyzer major versions. These updates include schema validations which make GitLab analyzers and third-party integrations much more reliable. There are also many updates to the static analysis analyzers. They include additional coverage, bug fixes, and improvements. For more detailed information on these updates, please see the links in the description.

Thanks for watching, and I hope you enjoyed this video. For more information on GitLab as well as these security features, please see the links in the description, and make sure to hit that subscribe button.