 Hi, my name is Fernando and I'm the Technical Marketing Manager here at GitLab. And today I'm going to go over some of the newly released security features of GitLab 14.10. The first feature I want to go over is Compliance Report Individual Violation Reporting. The Compliance Report now reports every individual merger cost violation for the projects within a group, which is a huge improvement over the previous version, which only showed the latest MR that had one or more violations. Now let's take a look at this more in depth. In order to access the Compliance Report from our group, we go to Security and Compliance and click on Compliance Report. Here we are provided with the Compliance Report page, which has been newly updated. You can see and sort by severity, compliance violation, the merge request which violates compliance. When clicking on an item, you're provided with additional information, which highlights who made changes, who reviewed, who approved, as well as who the merge request was actually merged by. This provides us with a more in depth compliance overview of our compliance violations. The next feature I want to go over is the user interface for streaming audit events. Now in the past release videos, I showed how to set up streaming audit events using the GitLab GraphQL API. But now you can create streaming audit events via the UI, making it a lot easier to add and remove streaming audit event destinations, as well as see the list of locations where streaming audit events are being sent to. This can be done in your group by going to the Security and Compliance tab and clicking on audit events. You can then click on the Streams tab. This is an active event stream, which I am sending my events to. I can click the plus button to add a new destination to send my audit events, which makes it easy to configure. We've also added improvements to our SAS scanners, specifically making Java scanning easier. SAS scanning now uses SEMgrep to scan Java code, which runs significantly faster, up to seven times faster in our testing than the existing analyzer, which was based off of spot bugs. And along with the Java improvements, we've also updated other static analysis analyzers. By scrolling down, we can see the updates along with the change logs for each specific analyzer. This is part of an ongoing effort to maintain our open source tools, as well as our internal tools, and continue to update them as new releases are provided. And last, I'd like to show that you can now manually create a vulnerability record. In the past, this could have been handled via the API, where we can create a vulnerability by sending a request to the GitLab GraphQL API. But since then, we've added a way to actually create vulnerability records using the UI. This enables the security team to be able to actually create a vulnerability that has not been detected by our scanners, or something that is not normally a vulnerability, but it does affect our system. Now let's take a look at how this works. Within our project, we can go to the security and compliance tab and click on the vulnerability report. Within our vulnerability report, we can see a new button at the top right, which says submit vulnerability. Upon clicking on it, we're provided with an input field, which allows us to provide a name, description, severity, status, as well as list identifiers, which are associated with the CVE or CWE of the vulnerability. We can also add a solution for reference. Once we click on submit vulnerability, a new vulnerability entry will be added to the vulnerability report. When going back to the vulnerability report, when sorting by tool, we'll now have manually added vulnerabilities. And here we see ours. And again, thanks for watching, and I hope you enjoyed this video. To keep up to date with the new GitLab security releases and other features, which are released every 22nd of the month, please click on that subscribe button and be sure to read the links in the description. Thanks again.