Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / 13.2 Release Kickoff / 17 Jun 2020
GitLab / 13.2 Release Kickoff / 17 Jun 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: GitLab 13.2 Kickoff - Secure:Dynamic Analysis

Description

GitLab Secure:Dynamic Analysis - Senior Product Manager, Derek Ferguson, provides an Overview of 13.2 release plans.

A

Hi, this is Derrick Ferguson senior product manager for the dynamic analysis group here at --get lab and today, I wanted to walk through what we are working towards delivering in the 13.2 release of get lab for dest. We have a few things in the works, so let me just start by going through what we are delivering in the pipeline, so we are working towards delivering a more full security report in the pipeline view for dest. So, within the pipeline view, you'll be able to see some more details around what was found.

A

The vulnerabilities that were found in the URLs that were scanned you'll be able to hide that scan detail. If you don't want to see it and then you'll be able to click on the URLs a number to download to see the list of URLs and download a full list, if it's more than 20 euros that have been scanned with the desk scanner, the downloaded list will be in a CSV format that will allow for sorting and for you to really be able to validate that.

A

Everything that you wanted to be scanned in that scan was actually covered. The next thing that we are doing is that we're adding more information on the standalone vulnerability page for the vulnerabilities that were found by desks so we'll be adding in things like the request method, the response status code, the request, headers and response headers.

A

The big thing that we are working towards is delivering an on-demand scan for dest. So this will allow you to create desk scans outside of the pipeline so that you can scan your site without having any code commits or merge requests when you need to scan it to validate issues to find things that may be going on outside of the code commits, so you'll be able to do this by going to a new area in the navigation where you'll be able to enter your target URL and then scan your site outside of the pipeline.

A

So this creates a scan and then you'll be able to see the results of that scan. It looks like a pipeline, but it's run asynchronously outside of any merger quest.

A

The other thing that we are working towards with the on-demand scans is creating profiles for the different settings. That way, you can switch back and forth between an API scan versus a site scan if you have multiple different URLs within a project that you would like to start as the target URL you'll be able to switch back and forth between those as a profile, rather than always reconfigure, eight reconfiguring the scan to have a new target, so these profiles you'll be able to create them, save them edit them and delete them.

A

When were you finally finished with going through the entire feature, so you can see you'll be able to create scan profile or site profile in the next release, we're working specifically on this site profile so that you can have multiple sites that you want to scan within a project, so you can easily switch back and forth between them and these will be contained within a profile library. This will enable you to create and delete profiles easily within this library, so that you can see exactly what you've created and.

A

What is there, what other people have created so that you can delete or create new ones in 13.2 we're working towards creating and deleting in the next iteration past that we will be working towards editing these these profiles and once they are finished, then you'll be able to use those profiles within your on-demand scan so that you can just switch back and forth quickly between the profiles, and that is what we are working towards in 13.2.

A

Thank you very much.