Hi, my name is Fernando and I'm a technical marketing manager here at GitLab. Today I'm going to go over some of the new features in the 13.5 release. So the first feature I'm going to go over is customizing SAST and secret detection rules. What this does is it allows you to modify your existing SAST rules as well as modify your existing secret detection rules, and be able to remove some of those rules from actually being used in the scans. So why is this important? Well, this is important because it allows better customization of your SAST scanner and secret detection scanner to go ahead and run custom rule sets, and make the current rules, you know, more custom to your organization's needs. Same thing, for example, for secret detection: maybe there's weird types of formats for secrets that you use, that you can put within code, and we want to detect those. We want to add more instead of just scanning for a password or passwd or the default ones. We want to add more, and now I'm going to show you that in the demo. One thing to note right now is that this is available in SAST for Node.js and Golang, and these customizations can be provided by editing the TOML file. And now, yeah, let me jump into this demo. So I've created this project called tiny micro. It's just a simple Go microservice, and I'm going to show you how this works.
So I have a .gitlab folder with the sast-ruleset.toml, and what this is doing is it's setting a custom rule set for Golang, for gosec, and what it's going to do is it's going to use this file as the custom rule set file. So you can see that we're going to use the gosec config JSON to customize the gosec scanner. What I do here is I go to the gosec config, and I created this, which checks for certain patterns or certain strings, and I added the weird pattern. So the default one looked exactly like this, without the weird. So now I added a pattern to detect anything that has weird in it as a possible hard-coded secret vulnerability, and I went ahead and changed the entropy, and you can read all about this within gosec. So now, looking at my main.go, you can see that I just have a variable named weird and I'm just printing that out. If I go to the security dashboard to see the vulnerabilities detected within the master branch, which that's in, you can see a vulnerability for potentially hard-coded credentials, and there you're going to see that there's essentially a hard-coded credential. I go to location, which is in main.go 26, and you can see it points to my weird variable. So that's one thing I wanted to note, and this makes it very, very useful for just expanding these rule sets and adding different things and different configurations. The rules are of course different in Node.js. It just depends on the scanner what you can customize, and you can see that within the documentation.
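
Added example, not code from the video or from gosec: a simplified Go model of the name-pattern part of the hard-coded credentials check, showing why a variable called weird is only reported once the pattern is extended. The default pattern string, the sample source and the function name `findings` are assumptions made for illustration, and the entropy thresholds mentioned in the demo are left out.

```go
package main
import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
)

// Assumed default name pattern, and the customized one with "weird" appended as in the demo.
const defaultPattern = `(?i)passwd|pass|password|pwd|secret|token`
const customPattern = defaultPattern + `|weird`

// Constructed sample standing in for the demo's main.go.
const sampleSrc = `package main
func main() {
	weird := "constructed-value"
	println(weird)
}
`

// findings returns "name:line" for every identifier whose name matches
// pattern and which is assigned a string literal in src.
func findings(src, pattern string) []string {
	re := regexp.MustCompile(pattern)
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "main.go", src, 0)
	if err != nil {
		return nil
	}
	var out []string
	ast.Inspect(file, func(n ast.Node) bool {
		assign, ok := n.(*ast.AssignStmt)
		if !ok || len(assign.Lhs) != len(assign.Rhs) {
			return true
		}
		for i, lhs := range assign.Lhs {
			id, isIdent := lhs.(*ast.Ident)
			lit, isLit := assign.Rhs[i].(*ast.BasicLit)
			if isIdent && isLit && lit.Kind == token.STRING && re.MatchString(id.Name) {
				out = append(out, fmt.Sprintf("%s:%d", id.Name, fset.Position(id.Pos()).Line))
			}
		}
		return true
	})
	return out
}

func main() {
	fmt.Println(findings(sampleSrc, defaultPattern), findings(sampleSrc, customPattern))
}
```

Because the match is on the identifier name alone, a broad custom term will also flag unrelated variables that merely contain it, which is worth checking against a real code base before rolling a rule set out.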