Integrating security into your DevOps Lifecycle | GitLab
source link: https://about.gitlab.com/solutions/dev-sec-ops/
DevSecOps with GitLab
Integrating security into your DevOps lifecycle is easy with GitLab. Security and compliance are built-in, out of the box, giving you the visibility and control necessary to protect the integrity of your software.
The DevOps platform that simplifies DevSecOps
GitLab is known for industry-leading Source Code Management (SCM) and Continuous Integration (CI). Developers want to use GitLab, and we make it easy to include security and compliance. Focus on apps, not tool maintenance, while improving collaboration and transparency for one predictable cost. GitLab has security and governance built in.
- Application security testing and remediation. With every code commit, GitLab provides actionable vulnerability findings to developers while helping security pros manage the remaining vulnerabilities through to resolution.
- Cloud Native Application Protection. GitLab helps you monitor and protect your deployed applications.
- Policy Compliance and Auditability. GitLab’s MR approvals, end-to-end transparency of who changed what, when, and where, along with a compliance dashboard and common controls help you meet your compliance needs.
- SDLC Platform Security. See how we secure the GitLab software.
The GitLab difference
Simplicity
One platform, one price, with comprehensive app sec for both dev and sec
Application Security Testing
Vulnerability Management
Protect deployed apps
Control
Compliance framework for consistency, common controls, policy automation.
Compliance capabilities
Security policy configuration
Visibility
See who changed what, where, when, end-to-end.
Audit events
Audit reports
Dependency list (BOM)
Continuous security testing capabilities
Dependency Scanning
- Analyze external dependencies (e.g. libraries) for known vulnerabilities on each code commit with GitLab CI/CD.
- Identify vulnerable dependencies needing updating.
- A Dependency List (Bill of Materials) shows all dependencies used in a project.
Container Scanning
- Check Docker images for known vulnerabilities in the application environment.
- Avoid redistribution of vulnerabilities via container images.
License Compliance
- Automatically search project dependencies for approved and unapproved licenses defined by your policies.
- Custom license policies per project.
- License analysis results are shown in the merge request pipeline alongside security vulnerabilities for immediate resolution.
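As an added example (not code from the GitLab page), this is the `.gitlab-ci.yml` a project would use to enable the three scanners described above through GitLab's managed CI templates. It assumes GitLab Ultimate with a Docker-capable runner, and that the project builds its own image into the GitLab Container Registry; the template names are the ones GitLab shipped at the time of this page and may differ in later releases.

```yaml
# Added example: enable Dependency Scanning, Container Scanning and License
# Compliance on every commit by including GitLab's managed templates.
# Assumptions: GitLab Ultimate, a Docker-capable runner, and an image pushed to
# the project's Container Registry under the tag Container Scanning looks for
# by default ($CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA).
stages:
  - build
  - test   # the security templates attach their jobs to the "test" stage

include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml

# Build and push the application image so Container Scanning has something to analyze.
build-image:
  stage: build
  image: docker:stable
  services:
    - docker:dind
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA"

# The template jobs run with allow_failure: true by default, so a finding
# surfaces in the merge request and security dashboard rather than failing
# the pipeline; blocking a merge is done with MR approval rules or security
# policies, not by editing the scanner jobs. Pin the analyzer major version
# here if you need reproducible scans across the pipeline's lifetime.
variables:
  DS_MAJOR_VERSION: 2
  CS_MAJOR_VERSION: 4
```

The findings from all three jobs appear in the merge request widget for the developer and in the project and group Security Dashboards for the security team, which is the workflow the page describes.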
Why integration matters for DevSecOps
- Every piece of code is tested upon commit for security threats, without incremental cost.
- The developer can remediate now, while they are still working in that code, or create an issue with one click.
- The security pro can see and manage unresolved vulnerabilities captured as a by-product of software development.
- Single source of truth can focus collaboration on remediation, eliminating translation and finger pointing.
- A single tool reduces cost to buy, integrate and maintain point solutions throughout the DevOps pipeline.
Exciting new capabilities!
We welcome your feedback and contribution to our vision and roadmap.
Vulnerability Management
Evaluate vulnerabilities based upon risk and scanning vendor used.
Risk-based Triage
Filter by scanner vendor
Mobile app testing
Test mobile applications within your CI pipeline including Kotlin, Swift, Objective-C, and Java.
Getting started with SAST for Android
Container Security
Protect cloud-native production applications.
Container Network Policies
Container Host Security
Resources
- Learn how to add security to your CI/CD pipeline.
- Efficiently manage vulnerabilities and risk using the GitLab Security Dashboards.
- Manage your application dependencies.
- Use GitLab application security capabilities with Jenkins.
- See how we compare against other security tools.