Hello, I'm Ganesh Nakwa, Head of Product Management at Accurics, and I'm going to show you how the Accurics and GitLab SAST integration enables developers to mitigate security risk throughout the development cycle. Accurics' mission is to enable cloud resilience with a developer-first approach to security.

We have seen different security breaches in the past. You may have a CSPM tool that gives you protection for the runtime environment, and the DevOps or SecOps team may be using SAST, DAST, or SCA tools. If the application running in production or runtime has a vulnerability, the infrastructure team may not have visibility into that vulnerability, and even the application security team may not know the impact of that vulnerability in the runtime environment. Just look at this example here. We have an SSRF vulnerability, but because of this vulnerability, a hacker can exploit additional resources within your infrastructure. It can be a misconfigured compute resource or an overly permissive IAM or RBAC policy, and they can find an unencrypted database to exfiltrate very important data from your environment. In order to solve this use case, we are empowering developers to mitigate this risk during the development cycle by consuming the SAST results and stitching these results together with IaC to give you a holistic picture of what your threat environment looks like from the deployment perspective.

So let's look at how the GitLab SAST integration works. As a developer, you write an application, you create a Docker container, you write Helm chart code, and you deploy your build into the runtime environment, whether it's a Kubernetes cluster or any other environment. So when you write the application, the GitLab SAST tool can help you find application vulnerabilities, and that information is passed on to Accurics, where Accurics simultaneously scans infrastructure as code for any security violations.
Based on these two pieces of information, the SAST information and the IaC violation information, we can create a policy where we can break the build based on a high level of application vulnerabilities or IaC security violations. Once your build is good, you can deploy that build in your runtime environment, and Accurics will help you to continuously assess your runtime environment as well. So with this integration, developers can mitigate their security risk within the development cycle so that the cost of remediation is very low. So as I mentioned earlier, with this joint solution, we can detect a risk during the development cycle. We can block the build in the pipeline, and we can reduce the remediation cost. We can enforce policies in runtime, and we can prevent the risky deployment. We will continually assess the risk in runtime for any risky deployment.

So today, I'm going to show a demo for two use cases. The first one is SAST policy enforcement for application Docker files. So an admin can select a policy from Accurics to enforce on the application Docker file for SAST vulnerabilities. And policies can be based on CWE or CVE, best practices for applications. And we will enforce those policies in the GitLab pipeline itself to mitigate the zero-day vulnerability for Docker files. And the second use case is IaC policy enforcement for Helm or Kustomize or YAML files, where an admin can select a policy from Accurics, and they can enforce it on Helm or Kubernetes or YAML for IaC security violations.

So let me show you the GitLab console here. As you can see in the GitLab console, here we have created a simple Node.js application. If I click on Node.js, this is a very simple application with Hello World. And we have created a Docker file as well, which has a reference to this application. So I have two repositories. One is the application-level repository. And the second repository I have is for the deployment.
So for whatever application I want to deploy in my runtime, we have created an app YAML file, which has a reference to that specific application. And also we have a YAML file where we added an additional stage. So earlier it was test and deploy. Now we added policy evaluation as an additional stage where, based on policies, we can make a decision to break the build, right? Same thing for application-level vulnerabilities as well, where in the CI/CD pipeline, you can see I have a failed pipeline where I have four stages: build, test, policy evaluation, and deploy. So if I find any security violation or any application-level vulnerabilities, then based on severity, based on top 25 CWE or CVE information, I can take action to break the build before that vulnerable build goes to the runtime environment. So if I click here, it will show me the build has failed because, you know, we have detected a top 25 CWE cross-site scripting vulnerability. And because of that, we prevent that build from going into the runtime environment. So we can also see in the security tab what type of vulnerability it is, right? It will give all the information about cross-site scripting with the CWE number, which is 79, right? It shows that detail. So we have created automated policies where policies can be enforced from Accurics and then we can take action, automated action, in the GitLab pipeline itself. So now we can take action based on application vulnerabilities as well as IaC security violations, right? So we can provide end-to-end context to developers so that they can make a decision to break the build.

Now I'll show you how to configure the GitLab integration from the Accurics console. It's very easy to configure. So if I go to the GitLab SAST environment, this is the Accurics console where I have created an environment, and if I edit the environment, you can see here, I have two repos. One is the application repo, which is a sample Node.js, and the second one is for Kubernetes.
And if I click next, I can assign a policy pack which we developed, one for best practices for Kubernetes and one for applications. Based on that, we can find security violations or application vulnerabilities and we can take enforcement action for that specific violation. If I come up from that, I'll show you quickly the policies. As I mentioned, we have added an application policy. So we have defined the top 25 CWEs that are known and based on that, you can take action. Same thing, we added the top 10 CVEs and then we can take action based on top 10 CVE information. If you go to resources, it will show you we have detected a GitLab vulnerability as well as an IaC security violation also. So in the GitLab vulnerability, as you see, it is associated with cross-site scripting, and in the Kubernetes deployment, we have around 12 violations, and based on those high-severity violations, we can take action to break the build.

You can also create your own policies based on different rules. For example, if I want to add a rule, and this is based on a regular editor, very easy to configure. If I want to add, say, one extra rule to detect this vulnerability, a CWE vulnerability, I can write the code, I can paste my code here in the rule template, and I can modify the CWE number here to 79 so that I can detect, or I can first test that rule, whether it's working or not. And here you can see I have detected a violation. So my rule has passed, I have detected a violation, and here I can view the vulnerability title, the remediation steps and so on and so forth, right? That way you can save this rule and you can apply it in production. So you have a lot of flexibility where you can have custom rules to make sure you take action on those specific vulnerabilities. So that is from the demo perspective, and if you want more information, you can visit the GitLab SAST integration, here's the link.
And if you want to learn more about the additional capabilities that Accurics can provide, you can go to accurics.com and you can learn more about Accurics. Thank you.
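
As an added illustration that is not part of the talk and is not Accurics or GitLab code: a minimal policy-evaluation step of the kind described above, which reads a GitLab SAST report and returns a non-zero exit code when a finding carries a blocked CWE or meets a severity floor. The report content, the CWE block list and the threshold are constructed assumptions.

```python
import json

# Constructed sample shaped like a GitLab SAST report (gl-sast-report.json).
SAMPLE_REPORT = json.loads("""
{"version": "15.0.0", "vulnerabilities": [
  {"name": "User input written to HTML response", "severity": "Medium",
   "location": {"file": "app.js", "start_line": 12},
   "identifiers": [{"type": "cwe", "name": "CWE-79", "value": "79"}]},
  {"name": "Verbose error message", "severity": "Low",
   "location": {"file": "app.js", "start_line": 30},
   "identifiers": [{"type": "cwe", "name": "CWE-209", "value": "209"}]}
]}
""")

# Assumed policy for illustration: a short CWE block list and a severity floor.
BLOCKED_CWES = {"22", "78", "79", "89", "918"}
SEVERITY_RANK = {"Info": 0, "Unknown": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

def cwe_ids(vuln):
    """Return the CWE numbers attached to one finding."""
    return {str(i.get("value")) for i in vuln.get("identifiers", [])
            if str(i.get("type", "")).lower() == "cwe"}

def evaluate(report, blocked_cwes=BLOCKED_CWES, min_severity="High"):
    """Return one reason string per finding that should break the build."""
    if "vulnerabilities" not in report:
        # Fail closed: a missing or truncated report must not pass the gate.
        raise ValueError("SAST report has no 'vulnerabilities' key")
    floor = SEVERITY_RANK[min_severity]
    reasons = []
    for vuln in report["vulnerabilities"]:
        hits = sorted(cwe_ids(vuln) & blocked_cwes, key=int)
        severity = vuln.get("severity", "Unknown")
        if hits or SEVERITY_RANK.get(severity, 0) >= floor:
            loc = vuln.get("location", {})
            why = ", ".join(f"CWE-{c}" for c in hits) or f"severity {severity}"
            reasons.append(f"{loc.get('file', '?')}:{loc.get('start_line', '?')} "
                           f"{vuln.get('name', '?')} [{why}]")
    return reasons

def main(report=SAMPLE_REPORT):
    """Print findings and return the exit code a CI job would use."""
    reasons = evaluate(report)
    for reason in reasons:
        print("BLOCK:", reason)
    return 1 if reasons else 0

if __name__ == "__main__":
    raise SystemExit(main())
```

The Medium-severity CWE-79 finding is blocked by the CWE list even though it is below the severity floor, which is why the two conditions are evaluated independently.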