 Hi, my name is Fernando and I'm a technical marketing manager here at GitLab, and today I'm going to show you some of the new security features released in GitLab 14.1. Now let's get started.
 The first feature I want to show you is the ability to select the role for the project access token. So in the past, project access tokens always gave the role of the maintainer to the user. But there could be project access tokens which require less permissions, and we don't want it to be too permissive. So we introduce roles for project access tokens. So in order to see this, we can go to Settings and then click on Access Tokens, and now when we create our project access token, you can see that we can add the scopes, but we can also have the role, which we can add. This feature was added in order to avoid abuse to the APIs.
 The next feature I want to go over is quick access to the compliance report entries. So with the compliance dashboard, you can see the different merge requests, their approval status and the newest pipeline that has been run on them. So when clicking on the actual merge request, you get additional information, and this makes it easier to go through the information and saves developers and maintainers time.
 So let's take a look at that. So when I go to Security and Compliance and click on Compliance, you can see all the different merge requests for the different projects. And if I click on one of them, you see the additional information here. You'll see which project that's part of, what merge request number it is, what path it is, who made the change, who reviewed it and who it was merged by. This is great audit information.
 The next feature I want to show is the tracking of usage of security scanning across multiple teams. We can track which groups across our organization are using SAST and DAST scanning. So in order to do this, we go to our group, we go to Analytics, see the DevOps Adoption, and then now you can see that there is a Sec image, and it tells us that four out of four Sec features have been adopted. It'll give us DAST, fuzz testing, SAST and dependency scanning, and what this shows is that dependency scanning has been enabled for at least one project if there is a dot here. So this means that DAST has been enabled for at least one project; same thing for dependency scanning, fuzz testing and SAST. And this is useful because it helps us track which groups are actually using security tools.
 So here at GitLab, we're committed to constantly releasing updates to all of our tools. Here you can see that the SAST analyzer has been updated, and you can see a couple of the different updates within this release. So there's going to be different updates for Flawfinder, Gosec, Semgrep and MobSF, and the bigger changes are the fixed bugs and detection patterns, new detection patterns, and setting a time limit of 10 seconds per file. And within MobSF we're removing support for Python 3.8 to mitigate a security issue. And these are all updates from the actual open source community which maintains these tools, and then we maintain it within our GitLab infrastructure.
 And the last new security feature I wanted to go over is the DAST UI configuration experience. So we've added a UI in order to configure all the different security scanners, making it easy for someone to get started with integrating security into their GitLab project. So within our project we go to Security and Compliance and we click on Configuration. And here we see that dynamic application security testing can be enabled. So if we don't have it enabled, it'll show not enabled, but once we enable it, we'll show it. We'll see it there. So I'm going to use an existing scanner profile and site profile, which tells us which site to target and gives us more information on the scanner, and we can edit these or add new ones. But I'm going to go ahead and generate that code snippet. And what all this will do is it'll copy the code snippet and open the GitLab UI. Now I'm in the .gitlab-ci.yml and now I'm going to go ahead and add these items.
 So I pasted the code I recently copied, and I'm going to move this over to stages. Remove this. And here's the include template. Here's DAST running on the DAST stage, and the configuration providing the site profile and the scanner profile that we've defined. And I can go ahead and commit these changes. And you can see that a pipeline is running. Clicking on that pipeline, you'll see that DAST has been added. Back at the security configuration window, we can see that DAST has been enabled. So in the past this was only available for SAST, but you can see that we have also introduced this for dependency scanning, secret detection and API fuzzing, and more will come soon.
 Thanks for watching, and I hope you enjoyed this coverage of the new security features with GitLab 14.1.