Oh no, I've been hacked. GitLab SAST, or Static Application Security Testing, allows you to detect vulnerabilities within your mobile application. It supports scanning for iOS and Android applications. SAST scans the static application source code in your mobile applications to make sure you are publishing the most secure application possible. Problems in applications can cause many issues, such as information disclosure and loss of credibility to include some.
Today I'm going to show you a little bit about how mobile application security works with GitLab. This is an Android application I created, similar to a magic 8-ball. When clicking this button, it results with either yes, no, or maybe. If you want to check out the source code, see the links in the description.
Now let's go over how application security scanning works in GitLab. This is the project that houses my mobile application. I went ahead and created a merge request to change the randomizer function. Let's take a look at the changes. You can see that I was using this random function and I went ahead and imported a different random function, and now I'm using random.nextInt, which allows me to select that random one of these three options.
When I go to the overview from the MR, you can see that the security scanning detected one potential vulnerability. So I'm going to go ahead and expand this, and I'm going to see a vulnerability of severity high, which states that the app uses an insecure random number generator. And here we can see exactly where the file is and the line of code, and we have a little bit more information such as the scan, which is MobSF, and the project that it's in.
Within this menu, you can see that there are certain actions. We can dismiss this vulnerability and give a comment as to why. We can also create an issue to further track this if it cannot be resolved the right way. This enables collaboration between developers and AppSec engineers.
In order to enable SAST for mobile applications, all we need to do is add the SAST template to the gitlab.yaml as well as set the SAST experimental features variable to true. Then on any MR, the pipeline will automatically run with the SAST scanner for mobile. Thanks for watching. For more information, see the links in the description. And be sure to hit that subscribe button.
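The insecure random number generator finding shown in the merge request, as an added example that is not code from the video or its project: a Java sketch of the 8-ball picker, assuming the flagged call is `java.util.Random.nextInt` (the transcript does not name the class). `EightBall`, `insecureAnswer`, `secureAnswer`, `sequence` and the seed value are hypothetical names and constructed sample data.

```java
import java.security.SecureRandom;
import java.util.Random;

public class EightBall {
    private static final String[] ANSWERS = {"yes", "no", "maybe"};

    // Shared CSPRNG instance for the remediated path.
    private static final SecureRandom SECURE = new SecureRandom();

    // Flagged pattern: java.util.Random is a linear congruential generator
    // with 48 bits of state, so its whole output stream is fixed by the seed.
    static String insecureAnswer(Random random) {
        return ANSWERS[random.nextInt(ANSWERS.length)];
    }

    // Remediated pattern: SecureRandom draws from the platform CSPRNG and
    // exposes the same nextInt(bound) call, so the change is a drop-in swap.
    static String secureAnswer() {
        return ANSWERS[SECURE.nextInt(ANSWERS.length)];
    }

    // Returns the first n answers that java.util.Random yields for a seed.
    static String sequence(long seed, int n) {
        Random random = new Random(seed);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < n; i++) {
            if (i > 0) sb.append(',');
            sb.append(insecureAnswer(random));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        long seed = 1234L; // constructed sample seed
        String first = sequence(seed, 8);
        String second = sequence(seed, 8);
        // Same seed, same "random" answers: this is what the scanner warns about.
        System.out.println("java.util.Random, run 1: " + first);
        System.out.println("java.util.Random, run 2: " + second);
        System.out.println("runs identical: " + first.equals(second));

        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 8; i++) {
            if (i > 0) sb.append(',');
            sb.append(secureAnswer());
        }
        System.out.println("SecureRandom:            " + sb);
    }
}
```

For an 8-ball answer the predictability is harmless, but the same call used for a session token, password reset code or nonce is why the scanner rates the pattern high.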