 Hey, my name is Fernando and I'm a technical marketing manager here at GitLab and today I'm going to show you how GitLab can accelerate your DevSecOps efficiency. Before we see what happens next, let's talk a little about GitLab security. GitLab provides tools to make life easier for not only developers, but also AppSec engineers. As part of GitLab Gold or Ultimate, AppSec engineers have access to the security dashboard, which provides an overview of the security status in your project or group of projects. AppSec engineers can also use vulnerability reports to obtain detailed lists of all the vulnerabilities in their group or project. This is where they can triage and manage vulnerabilities. In this video, we'll go over each of them and how they can benefit you. Now let's check out the security dashboard. We can access the security dashboard from the Security Compliance tab and clicking on Security Dashboard. Here we have a graph showing the vulnerabilities introduced as well as results over time. We can filter out the historical data by clicking any of the legends. At the group level, we can see that the security dashboard is available for all projects within a group and we can go and check out data from 30 days, 60 days, or 90 days. Projects are also assigned a letter grade, A through F, depending on the types of vulnerabilities that they have. We can see that F has critical vulnerabilities present and D has higher unknown vulnerabilities present. This helps us assess the security posture of all of our projects and see which projects need to be assessed first. Now let's check out the vulnerability report. We can access it from the Security Compliance tab. Here we have an overview of every vulnerability detected within the default branch. We can sort by status, severity, as well as scanner type. I'm going to go ahead and select SAS. So here we have a SAS vulnerability that was detected on 1028 of 2020 and it's a possible binding to all interfaces. So this interests me. I go ahead and click on it and I can see exactly where this vulnerability was detected. So I'm going to look and I'm going to see, okay, in my run file, I did have this vulnerability. It's because I had set debug to true and I shouldn't set debug to true on a production application. So as an AppSec engineer, I'm going to go ahead and change the status to confirmed. So I will change the status and now you can see that it was confirmed by me and we can see when it was detected by which pipeline. We can also see an identifier to give us more information on the issue and we can create an issue for better tracking. We can also add comments and this helps AppSec engineers be able to work together and track vulnerabilities and their status, making it a lot easier to manage. You can also export the vulnerability report as a CSV or be able to dismiss vulnerabilities as a batch. So here we can dismiss three vulnerabilities and we can either say it's a false positive or that we won't fix or accept it. We can also not give a reason, but this will control red flags and the security team can assess by dismissed vulnerabilities and confirm that they actually should have been dismissed. For more information, see the links in the description and be sure to hit that subscribe button.