Hi, today I will show you how GitLab can scan the code resting in your repository for passwords, API tokens or other sensitive data.

Sasha has been preparing a training for customers. In one of the files, there is a line of code that makes a request to a public cloud. After hours of working, she pushed the code to her development branch, where there was a hard-coded password. With the code and her password resting in her public repo, let's count how many seconds it could potentially take for someone navigating repositories to find the token. This random person could use it to consume all of Sasha's public cloud credits, for example, because it was very easy for him to find it. Well, that's not cool at all.

How could this be prevented? Let's go back in time. Let's take those 10 seconds back. Let's shift left. Luckily for Sasha, the developer, GitLab can be configured to run scheduled jobs to scan for these vulnerabilities in repositories with code at rest. I can configure the frequency of these jobs and select the branches where I want the scanning to be executed. The scheduled pipeline is ready now.

And this is what the pipeline we just scheduled looks like. It starts with static application security testing (SAST), followed by a custom report of findings and an email notification, and finally the report is written to the wiki of the project for further audit or archiving purposes.

In this case, the GitLab SAST scanner found a vulnerability. Sasha gets notified via email with a link to her security dashboard, where she can find a more detailed description of the problem, such as the line of code with the potential password in her repo, and decide from there the best action to fix this security issue. If she wants, she could create an issue to investigate this problem. But in this case, she knows that she simply forgot and pushed a hard-coded password. So she will just fix it right away and change the password, of course. If it were a less trivial issue, from here she could start a confidential issue and bring the security staff into the conversation. She will not do it in this case.

Alright, besides the email notification and security dashboard, in the wiki of the project, my scheduled job creates this custom report where I can keep track of the security vulnerabilities and comment or collaborate on these reports with other developers when needed.

We learned today how GitLab offers me the possibility to check code at rest for secrets, passwords or other sensitive data. Stay tuned and let's continue learning at GitLab.
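
One way the custom report step of this pipeline could build its wiki page, as an added example that is not from the video or GitLab's own code: it reads a scanner report, de-duplicates findings and writes only file and line, so the secret itself is never copied into the wiki. The report field names, the sample report and the function names are assumptions made for illustration.

```python
import json

# Constructed sample of a scanner report; the field names follow the layout of
# GitLab's security report JSON as an assumption, and the values are made up.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": [
        {"name": "Password in URL", "severity": "Critical",
         "location": {"file": "training/cloud_client.py", "start_line": 12},
         "raw_source_code_extract": "https://user:EXAMPLE-NOT-A-REAL-SECRET@cloud.example/api"},
        {"name": "Generic API token", "severity": "Critical",
         "location": {"file": "training/cloud_client.py", "start_line": 40}},
        # Same finding reported twice, e.g. from two commits on the branch.
        {"name": "Password in URL", "severity": "Critical",
         "location": {"file": "training/cloud_client.py", "start_line": 12}},
    ]
})

def load_findings(report_text):
    """Return de-duplicated findings as (file, line, name, severity) tuples."""
    report = json.loads(report_text)
    seen, findings = set(), []
    for vuln in report.get("vulnerabilities", []):
        loc = vuln.get("location", {})
        key = (loc.get("file", "?"), loc.get("start_line", 0),
               vuln.get("name", "unnamed finding"), vuln.get("severity", "Unknown"))
        if key not in seen:
            seen.add(key)
            findings.append(key)
    return sorted(findings)

def _cell(value):
    """Escape characters that would break a Markdown table cell."""
    return str(value).replace("|", "\\|").replace("\n", " ")

def render_wiki_page(findings, branch):
    """Build the Markdown page; only locations are written, never the match."""
    lines = [f"# Secret scan report for `{branch}`", "",
             f"Findings: {len(findings)}", ""]
    if findings:
        lines += ["| File | Line | Finding | Severity |", "|---|---|---|---|"]
        lines += [f"| {_cell(f)} | {ln} | {_cell(n)} | {_cell(s)} |"
                  for f, ln, n, s in findings]
    else:
        lines.append("No secrets detected in this run.")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_wiki_page(load_findings(SAMPLE_REPORT), "development"))
```

Leaving the matched value out of the page matters because a project wiki can be readable by more people than the security dashboard.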