Good morning, good afternoon, and good day to you all. My name is David Astor and I am a solution architect with GitLab. So today I want to talk to you about really protecting yourself from the dangers in the world. Being diligent and understanding your surroundings is extremely important.

If you'll indulge me for a moment, I've got a quick story. I actually have a 13-year-old heading to high school next year, and as a father I'm really excited and terrified at the same time. So one of the lessons that we have always taught my daughter is to not be afraid but rather be aware. Being aware of your environment really acts as a layer of protection for you. Having knowledge up front vastly improves how you can deal with a situation. It really provides a sense of security for you.

That's all well and good, right? And that's extremely important in the real world, right? That in no way, though, diminishes the awareness that you need in the virtual world. If anything, you probably need to be even more hyper-aware of what's going on, because in the world of bits and bytes, let's face it, there are people that want to harm you. Right? We've all seen news stories, too many news stories, about credit cards, banks, even our favorite retailers having their networks breached and data exposed. Now this is extremely costly, of course, not only for those organizations but also for the consumers, for the individuals whose information is taken from them. And this is all happening, and often the scary part of it is that it's not even discovered; sometimes it's a month after it actually happened.

So when developing software, just like in real life, it really pays to have that knowledge up front. Knowing what you're getting into before you actually release code can really be the difference between two vastly different headlines for your company in the news. So let's talk about how GitLab can help with that.

So GitLab is as you see here.
It's a single application for the complete SDLC process. We can do everything from your initial planning of your work all the way to delivering it, releasing it, and of course monitoring that work once it's out there.

But when you talk about what GitLab can do, GitLab is really a firm believer in and practitioner of the entire shift-left movement. We want to arm your teams with information about security vulnerabilities and test results as soon as possible. So for instance, if you look at the stage here where we're committing some code: let's say we're at that Create area where we're committing some code in. We want to make sure that before anything gets moved on to the later stages of your SDLC, you have all that information up front, that we have given you test results, that we've given you any kind of vulnerability results. So again, you're aware of what's about to happen.

So, an example again: when you are committing code into a repository and you have our Auto DevOps feature enabled, you can get all of these security scanning tools working for you right away. You're going to get auto static application testing, so you can test your compiled code there.
If you're using Kubernetes with containers, you're going to get container scanning for vulnerabilities. You also want to check for dependencies to make sure that everything's where it's supposed to be, and even make sure you're in compliance with license management. That could be very costly if you're not. And then of course dynamic application testing is going to be run as well.

Part of what GitLab brings to the table in its single application is that it allows you to create an ephemeral, or throwaway, containerized environment with your change that you just made and the commit that you just made in there, and all the information about that is going to be run against that containerized environment. So the results of all those scans are reported right back into a merge request, and then you're going to get all of those to a merge request, and the merge request is really that central location where all members of the team can consume information. If vulnerabilities are detected in the code, or if a dependency has a vulnerability, or even in the running application itself, we've now got one single place where we can review this information.

The value there is that I don't need to wait for another part of my organization to spin up or create an environment for me, and then run some expensive code scanning tool, which is going to charge me by the line, and then get the results pushed to another application, and then come back and do it all over again by making those changes. So I'm saving time and friction by having it all in one place.

I'm also getting the knowledge on how to resolve these items. You'll notice here at the bottom, I've got five vulnerabilities that have been detected.
So opening up any of those links gives me information about that CVE. It lets me know where it is, it lets me know the solution for how to resolve that, and you'll also see I have the ability to do things like dismiss this vulnerability. The point being that if we know it's something that we're okay with being pushed out, we can dismiss that. Again, the whole idea is to really just bring awareness to you. I want you to know this, or we want you to know this, before you actually get everything out into production or some other environment where it becomes a lot more expensive to fix afterwards.

So what powers all this are the various tools that you see here on this page, our vulnerability scanning tools, and its supported languages are listed here. So we've got support for the most common languages, and there's more and more being added every month. But you can see that, and these are the tools they use to do so. We're using things like Clair for container scanning, we're using the OWASP ZAP proxy for our dynamic application testing, and we're using the power of Gemnasium, which is now actually part of GitLab, to do our dependency scanning. So these are open-source libraries that are constantly updated by the community with the latest and greatest information for us.

Now our entire goal really with this is to make sure that you are aware of your surroundings, as I mentioned earlier: having as much information up front and really being best armed with how to resolve the situation. So if we can do anything to help keep you out of the news for negative headlines, then that's really going to be a win for everybody.

So I really appreciate you taking some time to listen to what I had to say about our security. And if you have any other questions about GitLab and what it can provide, please don't hesitate to reach out to me. So thank you again very much. Go forth and be bold, everyone.