 Hi, my name is Fernando, and I'm a technical marketing manager here at GitLab. And today we're going to go over some of the new security features in GitLab 14.9. Now let's get started. One of the new items we can see is rule mode for scan result policies. Now this has been fine tuned and updated. This was released in GitLab 14.8 and I'll provide a link to the video showing how rule mode works. But essentially you can build the complex YAML by just selecting items within dropdowns. This allows you to create an approval policy for your merger requests. The next item on here is integrated security training. So GitLab provides a set of security scanning tools to identify a whole bunch of different security issues. Now we're providing training from our two partners, Contra and Secure Code Warrior. These two new partners provide training content, making it easier to assess and ultimately fix security issues. Now let me show you how this works. First we go to the security compliance tab and click on configuration. Then we click on vulnerability management. And here we can see our two partners, Contra and Secure Code Warrior. I'm going to go ahead and check both of them and I'll leave Contra as the primary training. Now within the vulnerability report accessed by security and compliance, I'm going to look at some DASTS vulnerabilities. And let me go ahead and click on private IP disclosure. Now I see here information about private IP disclosure, but when I scroll to the bottom, I'll be provided with a training section. And here I can see that Contra has some training. So I click on view training and it'll take me to the Contra page where I'll learn about excessive data exposure. As a developer, this makes me more security aware and enhances my security knowledge. Another feature we can see is that dependency scanning outputs Cyclone DX documents. In order to align with a popular software build materials industry format standard, dependency scannings gymnasium analyzers will now output a Cyclone DX S-bomb for each supported lock or build file detected. Now let me show you how that works. First, we click on our pipeline and we can see all the jobs run. Now let's go ahead to our dependency scanning and click on gymnasium python dependency scanning. Here we can go to our job artifacts and click on browse. Then from here we'll see the Cyclone DX file which contains the S-bomb of all our dependencies. We've also introduced the UI option to enable container scanning. This configuration experience makes it easier for non-CI experts to get started with GitLab container scanning. Now let me show you how easy it is to configure container scanning via the UI. Within the project we wish to configure, we go to the security compliance tab and click on configuration. Then from here we can scroll down to container scanning and click on configure with a merge request. Here we'll be able to create a merge request. We can see the diff where it performs a lint and adds container scanning to our GitLab YAML. So let's go ahead and create the merge request and once it's created we'll see that the pipeline is running. Then we can check to merge when the pipeline succeeds. Now let's go ahead and take a look at the pipeline that was running. We can see that the container scanning job has been added. There's also new audit events. We've added audit events for the following activities. Creating a new merge request approval rule, deleting a merge request approval rule, as well as approving a merge request. Creating deleting or revoking a project or group deploy token, as well as failed attempts to create a project or group deploy token. Authenticated Git push or Git pull commands to a private repository performed over either SSH or HTTPS. This is part of our effort to make audits easy and more detailed. And last but not least, we have static analysis analyzer updates. The GitLab static analysis includes many security analyzers that the GitLab static analysis team actively manages, maintains and updates. Making sure that we're finding the newest vulnerabilities and have the most up to date tools. Here we can see several changes and updates, which bring additional coverage bug fixes and improvements. You can take a look at all the different analyzers which have been updated in this version of GitLab. And thanks for watching. I hope you enjoyed this video. If you take a look at the description, you'll be able to skip the several parts as well as see the appropriate documentation on each feature I've described. Thanks again, and please hit that subscribe button.