From YouTube: GitLab 13.0 Defend Features Overview
Description
Chloe Whitestone, Technical Account Manager, covers the new Defend features: Standalone Vulnerabilities, Exportable Vulnerabilities Reports, and WAF SIEM Integration
A
There we go. Okay, so number one it made. The highlights for the release is standalone vulnerabilities, so what is it? Standalone vulnerabilities are also known as first-class vulnerabilities, but for our purposes it just means that each vulnerability has its own standalone page, which you can access by clicking on the vulnerability in the security dashboard, and which you can then link to, to share it or work on it, etc.
A
You can also create a new issue, which is confidential by default, and it is pre-populated with information from the vulnerability report. And then, finally, on the standalone page, you can apply an automatically generated solution, some of which will be manual things you have to do and some which GitLab can solve for you, which is pretty cool. An example here, it's just a manual solution where I have to update the version. So this is what the standalone page looks like and.
A
Each vulnerability can be triaged and tracked as the single source of truth, and they will also be persistent. What that means is that previously, any new scans that were on the same branch as a previous scan would overwrite the previous findings, and now they don't, so that's less duplicates and better tracking, which is great. It also ties straight to reporting and being able to track trends, which is a big deal in Ultimate. Still, you might think maybe that's still not that big of a deal, but in true GitLab fashion,
A
it's an MVC that will improve a ton going forward. So I linked an issue here that you can take a look at that just collects a bunch of other issues that it's going to help resolve going forward, primarily just around having a better security dashboard, a more accurate one, our abilities so we'll have better reporting. It opens a door for a lot of potential new features, like better false positive management, having vulnerabilities linked to occurrences one-to-many, linking vulnerabilities to existing issues.
A
None of these are guaranteed, but they're just examples of things that the team is thinking of now that standalone vulnerabilities exist. We can do a whole bunch more. As I mentioned, this was a huge effort, so here are some links and videos that go into more detail. The category direction page here was just updated two days ago, so it's super fresh. It's got dice in the mirror. It's awesome. All right, let's move on to exportable security reports, which happens to be one of the features that standalone vulnerabilities made possible.
A
It's already making our lives better. It's great. Okay, so I feel very passionately about this feature because I opened the initial issue. I was involved in it every step of the way over the past eight months, and it's finally here, like my baby. So before today, vulnerabilities were only exportable as a JSON, which is pretty cumbersome by itself, let alone if you want to turn it into a usable or shareable report.
A
Much to the dismay of my customer, the JSON files showed dismissed vulnerabilities with no indication that they were dismissed, so their clients were freaking out. There was a ton of unnecessary back-and-forth. It wasn't a good experience, but now it's okay. You can just click a button on the security dashboard and export all of the vulnerabilities to a CSV file, and it has all the info you need. It's available on both the project and instance level dashboards, and the group level
A
dashboard is planned for 13.1 in a couple weeks. And there's a list here of what fields are populated in the CSV, and the ability to export PDFs is planned for next year, after vulnerability management becomes viable. It's minimal right now, and if you're paying attention, that epic was linked to two slides ago. I also noticed some gotchas here, just about using the export, but overall it's pretty straightforward. It's just a button.
A
Here's some documentation and resources, as well as a screenshot of what this super cool button looks like. All right, on to the last Defend feature and their King Otto, the WAF SIEM integration. So that's a lot of acronyms, not very messy Fuu. So let's break it down. WAF is Web Application Firewall, which filters and monitors HTTP traffic between a web application and the internet. It's a type of reverse proxy, so it protects the server from exposure by having clients pass through the WAF before reaching the server. Easy enough.
A
The SIEM means security information and event management, so really really good as I am or whatever, and it's the software solution that aggregates and analyzes activity from different resources across your infrastructure. Some example providers are like security, IBM QRadar and Sumo Logic. And so before we had this integration, there was a lack of visibility into the traffic that passes through the WAF and no real easy way to determine if it was working as expected, and nearly all users who use WAF also use a SIEM. So we figured, let's let them connect the two.
A
This is all done via Fluentd, which is an open source data collector, and it just runs on each pod and allows customers to send the logs really anywhere they like, so they can use whatever tool they want. The integration is available for all tiers, even the free version, and it can be enabled and configured by going to Fluentd under Applications on the Operations > Kubernetes page. You'll need to enter the host, port and protocol where the WAF logs would be sent, and then select one of the available logs.