Write secure code at speed
To build and release secure software faster, developers need actionable advice from trusted sources of secure coding right inside the tools they use every day, so that they can resolve vulnerabilities faster.
With this integration, secure coding guidance that is highly relevant to the detected vulnerabilities is easily accessible to developers with the click of a link in GitLab.
Actionable secure coding guidance integrated inside GitLab
GitLab have implemented a technical integration to bring contextual training to their all-in-one DevOps platform that includes integrated security testing, vulnerability management and vulnerability reporting.
Available to GitLab Ultimate customers, this integration embeds highly relevant Secure Code Warrior training links in the Vulnerability Details section of vulnerability reports.
How does it work? - An overview with a screenshot tour
GitLab's search functionality is currently limited to CWE identifiers, meaning only terms like "CWE-1236" will be recognized. Common vulnerability names and keywords are not searchable and therefore will not trigger the integration.
How to enable the integration
The integration can be enabled within the Vulnerability Management tab of the Security Configuration screen. Please refer to the GitLab product documentation below for more information.
Note: If you are using the On-Prem version, please ensure that your GitLab server can reach integration-api.securecodewarrior.com.
- GitLab's technical product documentation: https://docs.gitlab.com/ee/user/application_security/vulnerabilities/#enable-security-training-for-vulnerabilities
- GitLab blog - an overview: https://about.gitlab.com/blog/2022/03/24/heres-how-to-get-integrated-secure-coding-advice-in-gitlab/