Applying formatting

Workshop: The GitLab Workflow: Day in the life of a Developer

Get hands-on experience with the ideal GitLab workflow, which builds Merge Requests, Security scanning, approval rules and compliance standards into the default workflow.

Topics Covered:

Project settings/Merge requests:

  • Checks:
    • Creating checks that must pass before merge requests can be merged:
      • Pipelines must succeed
      • All MR threads must be resolved
      • Status checks must succeed
  • Approvals:
    • Setting requirements for the approvals process in the repository:
      • Approval Rules
      • License approval Policies
      • Security vulnerabilities
      • Approval settings:
        • Define how approval rules are applied
          • Prevent approval by author
          • Prevent approvals by users who add commits
          • Prevent editing approval rules in MRs
          • Require user re-authentication (password or SAML) to approve
        • When a commit is added:
          • Keep approvals
          • Remove all approvals
          • Remove approvals by code owners if their files changed
        • Code Owners

Securing your Application

  • Static Application Security Testing (SAST)
  • Container Scanning
  • Dependency Scanning
    • License Compliance

Managing Vulnerabilities

  • Merge Request Security Widget
  • Merge Request License Compliance Widget
  • Vulnerability Reports
  • Vulnerability Page
  • Security Dashboard
  • Dependency List (SBOM)

Protecting Repository Branches

  • Protected Branches

Protecting Deployment Environments

  • Protected Environments

Enforcing Scans and Preventing Vulnerabilities from Entering Production branches

  • Scan Policies
  • MR Approval Policies

Edited Sep 05, 2024 by Rachel Fuerst