Secure

Security features are integrated into the development lifecycle.

Product categories

SAST

Static Application Security Testing scans the application source code and binaries to spot potential vulnerabilities before deployment, using open source tools that are installed as part of GitLab. Vulnerabilities are shown in-line with every merge request, and results are collected and presented as a single report.

DAST

Dynamic Application Security Testing analyzes your running web application for known runtime vulnerabilities. It runs live attacks against a *Review App*, created for every merge request as part of GitLab's CI/CD capabilities. Users can provide HTTP credentials to test private areas. Vulnerabilities are shown in-line with every merge request.

IAST

Interactive Application Security Testing checks the runtime behavior of applications by instrumenting the code and checking for error conditions. It consists of an agent that lives inside the application environment and an external component, like DAST, that can interact with the application and trigger unintended results.

Fuzz Testing

Fuzz testing increases the chances of getting results by using arbitrary payloads instead of well-known ones.

Dependency Scanning

Analyze external dependencies (e.g. libraries like Ruby gems) for known vulnerabilities on each code commit with GitLab CI/CD. This scan relies on open source tools and on the integration with Gemnasium technology (now part of GitLab) to show, in-line with every merge request, vulnerable dependencies that need updating. Results are collected and available as a single report.

Container Scanning

Check Docker images for known vulnerabilities in the application environment. Image contents are analyzed against public vulnerability databases using the open source tool Clair, which is able to scan any kind of Docker (or App) image. Vulnerabilities are shown in-line with every merge request.

License Compliance

Upon code commit, project dependencies are searched for approved and blacklisted licenses defined by custom policies per project. Software licenses in use are flagged if they are not within policy. This scan relies on an open source tool, LicenseFinder, and license analysis results are shown in-line for every merge request for immediate resolution.

Secret Detection

Check for credentials and secrets in commits.


Vulnerability Database

GitLab integrates access to proprietary and open-source application security scanning tools. In order to maintain the efficacy of those scans, we strive to keep their underlying vulnerability databases up-to-date.


Security Benchmarking

Benchmarking of the GitLab Secure stage to measure how effectively it detects security findings.

Attack Emulation

Continuously assess that your applications and services are not vulnerable to security threats, using automated, real-world emulated scenarios to identify weaknesses in your attack surface.

Malware Scanning

Detect malware and other malicious code, and protect projects from it.