Hey, my name is Fernando and I'm a technical marketing manager here at GitLab, and today I'm going to go over some of the security features released in version 13.10. All right, let's get started.

So the first feature I want to go over is the vulnerability bulk status updates. So now we can update a whole set of vulnerabilities within the vulnerability report. So let's take a look at that. So here I have my project. I go to Security and Compliance and Vulnerability Report, and now you see that there's this little clickable radio box, and I can go ahead and change the status of all the vulnerabilities that I see fit to one complete status. So I can set these all to dismissed, let's say I don't need to worry about them anymore, and now we have a bunch of vulnerabilities dismissed in a batch, and we can see that here. This makes it a lot easier for the security team or AppSec engineers to go ahead and just dismiss a whole bunch of vulnerabilities that need to be dismissed, or go ahead and approve everything all at once if there's multiple of the same vulnerability caught or there's similar vulnerabilities that can be grouped together.

Next thing we're going to look at is the clickable file and line number links in the vulnerability reports. So you can see that some of the items in the vulnerability report now have a link directing you to where the vulnerability was found, so either the line of code or the actual file, depending on the file type.
So here you can see that there's one for possible binding of all interfaces that was dismissed. Again, click on that and it'll take me straight to the file number, where here I can see that there is an issue because I'm setting debug to true. That's another feature that makes it easy to go ahead and go through code and be able to debug and find where the vulnerability is located in just an instant without having to deep dive into an issue.

Then there's going to be these new icons added to the vulnerability trends chart, or what's known as a security dashboard. So going to the security dashboard, it gives us a list of the vulnerabilities that were added or that were resolved within a given time frame. So now you can see that here we can go through it and we can actually sort through the different times and get the actual times that we want. So before this was just a 365 day view, but now we can actually sort through it and see exactly the point that we want. And then there's also a couple items that we can actually use to select the area that we want to, so we can go ahead and select all of this. We can zoom in, we can go back to our history, and we can even download an image of it. So you can see that there was an SVG image downloaded.

Next let's jump into the container scanning engine. So before we were using Clair and Klar as our container scanning engines, and now we're going ahead and moving to Trivy. So just an example: Trivy, we've seen it catch more vulnerabilities for our container scans, and I'll just show you the output. So if I go here, container scans, you can see that there's a different output and this is running on Trivy.
It's showing us all the vulnerabilities found for container scanning, and in order to get this to work, all we have to do is, within the GitLab CI YAML file, we go ahead and we add this CI major version and we set that to 4.

And the last thing I wanted to show you was the graphical interface for configuring API fuzzing. So if we go to Security and Compliance and we go to Configuration, there's going to be a little thing here for API fuzzing, and you can see that under the Manage table we'll see Enable. And here we can provide the target URL, we can provide the scan mode, so if we have OpenAPI, Postman or HAR, and we can enable authentication if we need to, to provide a username and password for basic authentication, and we can set a profile. So what this does is it automatically creates these variables within the CI YAML. So let me go ahead and show you. So you see these variables right here. There's fuzz API profile, which I selected the Long-100, tells us what type of fuzzing to run. I select the OpenAPI file here and I select the target URL, and all of this can be built from that configuration thought.

So there you have it, some of the security features released in 13.10. Be sure to subscribe and follow for more content like this. Thanks.