Hey, my name is Fernando and I'm a technical marketing manager here at GitLab, and today I'm going to go over the GitLab security features for 13.12. All right, let's get started with the GitLab 13.12 security features.

The first feature I wanted to go over is the on-demand DAST launch. So we've made on-demand DAST GA. What on-demand DAST is: it allows us to actually run DAST, or dynamic application security testing, on demand. So what we can do is we can just put in the URL of our application and then run DAST against that URL, and we can run it on the environment we need. This can include our staging environment or different dev environments, you know, anything that we need for testing, and this is especially useful when testing new features. Let's take a quick look at that.

So you can see the on-demand DAST scan is accessed from the security and compliance tab, and there's also on-demand scans. We select that, and here we can go ahead and create a scanner profile. So here we create a new scanner profile, where we can provide the scan mode, the spider timeout, the target timeout, whether we use the AJAX spider, and whether we have debug messages, and we can save that. So let's just do it real quickly, and we'll leave it at one. We'll leave defaults on everything and we will save the profile.

Now we can go back to on-demand scans. We can create a new site profile. So here we'll create our site profile. I'm gonna give it a name, simple app. You can select whether it's a website or a REST API, and we'll give it the target URL. So in this case, I'm going to use the target URL of my application, and I'll add any URLs that I want to exclude. I'll add any additional headers I want to use with the request, and I can even enable authentication by passing the authentication URL and the username and password, as well as the different form fields. That way I can log into my application before running any of these tests. So we'll save the profile, and here we can say "scan one", give a little description, "test it all", and we can say what branch we want to test on. This is just for metadata. And then we can just save and run the scan, and then you can see that task is running.

All right. Now let's move on to the next feature. There's the security configuration tool for secret detection, and what this allows us to do is enable secret detection by actually going through the GUI instead of having to add a template to the YAML. It just makes things a lot easier for anyone getting started with GitLab or anyone that wants to add the security tools without needing to write YAML. So this can be done under the security and compliance tab, under configuration, and you see that these options are available for SAST, DAST, and now we have secret detection. You can do this by clicking on "Configure via merge request", and here you can see that what it'll do is create a merge request which will add secret detection to your YAML file, and it will automate the process instead of you having to manually add it.

The next thing to note is that we've introduced a new browser-based crawler for DAST. It's currently in beta, and what this is designed for is to provide better application testing coverage by finding more pages on a JavaScript-heavy app that might be hidden from a traditional proxy-based crawler. So the name of this is browser, and the way that it can be enabled is by adding the DAST_BROWSER_SCAN variable and setting it to true. We've performed benchmark testing on this, and we've noticed that it's shown a significant improvement in crawl coverage from our current proxy-based crawler.

And last but not least, the Semgrep SAST analyzer for JavaScript, TypeScript, and Python has now been made available by default and no longer requires the experimental tag. We can see that in the test stage we have Semgrep SAST, which is running on our Python project, and we can see that all that was done was just having the GitLab CI YAML have the SAST template.

And that's some of the new security updates for GitLab 13.12. Thanks for watching.