►
From YouTube: DevSecOps Webinar - April 26, 2022
Description
GitLab enables developers and security to work together in a single tool, allowing for proactive security or “shifting left”. This session will cover what GitLab offers, how scan results integrate seamlessly with merge requests, and how to use the Security Dashboard to manage vulnerabilities.
A
Hi
everyone
welcome
to
today's
session.
We
are
going
to
give
people
just
another
minute
or
so
to
join
us
and
we'll
get
started.
Thank
you.
A
All
right,
let's
go
ahead
and
get
started
thanks
everyone
for
joining
us,
we're
we're
excited
to
to
be
here
with
you
this
morning
or
afternoon,
depending
on
on
where
you're
located.
A
If
you
have
any
questions
that
come
come
up
throughout
the
webinar,
we're
excited
to
answer
those
for
you.
If
you
just
go
ahead
and
put
those
in
the
q
a
section
of
zoom
on
your
browser,
then
we
will
do
our
best
to
get
all
of
those
answered
and
then
finally,
our
presenter
today
is
jamie.
Reed
he's
a
senior
member
of
our
technical
account
management
team,
and
at
this
point
I
will
kick
it
over
to
him.
A
B
Taylor,
I
appreciate
it
and
thank
you
to
all
the
attendees
for
giving
us
an
hour
of
your
time
and
attention
today
so
good
morning
and
good
afternoon,
depending
on
your
time
zone.
Let
me
share
my
screen
and
we'll
kick
things
right
off.
B
I'm
joining
you
live
from
calgary
alberta,
canada,
and
I
hope
that
everyone
else
is
having
a
great
day.
I
I'll
also
share
that
sam
and
sean
two
of
my
very
talented
colleagues
are
here
to
address
your
q,
a
so
send
us
your
spiciest
and
hardest
questions,
we're
here
to
really
dig
deep
into
those
at
the
end
of
the
presentation,
we'll
unlock,
maybe
10
or
15
minutes
at
the
conclusion.
B
So
as
taylor
had
mentioned
today,
we're
here
to
talk
about
devsecops
and
how
gitlab
can
help
you
achieve
better
outcomes
through
integrating
security
as
part
of
your
workflow,
we're
really
going
to
touch
primarily
on
two
key
topics.
First
and
foremost,
we're
going
to
take
a
look
at
application,
security
testing
and
how
gitlab
secure
can
help
you
find
and
fix
your
vulnerabilities
before
they
make
it
into
your
production
deployments
and
then
we'll
have
a
light
touch
on
how
gitlab's
policy
compliance
and
auditability
can
help
you
meet
your
compliance
needs.
B
So
this
slightly
illustrates
how
much
software
bugs
and
phones
cost
the
software
industry
and
with
a
a
cost
of
300
an
hour
for
a
software
developer
for
the
2019
software
developer
price
guide.
We
can
see
here
from
nist's
study
on
the
impact
of
inadequate
software
testing,
the
cost
of
remediation
and
how
it
dramatically
increases
the
closer
you
get
to
production.
B
So,
while
you
know
finding
above
or
finding
a
vulnerability
and
being
able
to
remediate
it
quickly,
while
you're
writing,
the
code
means
that
maybe
on
average
you
spend
about
two
and
a
half
hours
remediating
a
finding
by
the
time
you
get
to
production
context,
switching
back
to
code
that
you
or
another
person
had
written
previously
can
can
quickly
balloon.
And
here
you
see
the
cost,
jumping
up
to
say
four
thousand
dollars
for
a
finding
in
production.
B
So
with
that
in
mind,
I
wanted
to
really
describe
two
separate
problems
for
you.
Traditional
application
security
tools
were
built
ten
or
more
years
ago
before
today's
modern
software
development
methodologies,
like
devops
with
extremely
short
cycles
and
regular
deployments,
were
commonplace
as
an
industry.
B
Applications
today
are
the
prime
target
of
cyber
attacks
and
a
lack
of
hygiene
can
allow
exploits
to
be
reused,
compounding
this
application.
Security
tools
can
be
quite
expensive
and
they
can
require
integration
of
both
technology
and
processes.
There's
a
significant
operational
investment
that
organizations
need
to
make
in
order
to
bring
these
separate
tools
into
their
workflow
in
order
to
shift
left,
you
must
include
both
your
developer
and
your
security
teams.
C
B
Is
the
reality
of
modern
software
development
as
we
all
strive
to
accelerate
and
shorten
our
cycle
times
code
changes
are
getting
faster
and
faster.
More
open
source
technologies
are
being
used
more
apis,
more
microservices
iterative
development
can
be
incongruent
with
full
application
security
scanning
and
a
more
waterfall-esque
approach
without
scaling
through
developer
enablement,
automation
and
agency
devsecops
won't
scale.
B
Additionally,
next
generation
software
gives
way
to
new
attack
services
deployment.
To
you
know
more
modern
methods
like
kubernetes
clusters
and
in
public
clouds,
really
changes
the
the
surface
of
which
that
actress
can
can
compromise
your
applications.
Composable
software
with
more
open
source
can
mean
that
traditional
approaches
to
network
security
become
less
relevant
and
punitively.
Traditional
application
security
tools
are
typically
usage
based
you
pay
on
a
per
scan
basis,
which
means
to
be
more
secure.
You
end
up
penalized.
You
have
to
pay
more
for
to
give
you
a
bit
of
a
visual
here.
B
Imagine
a
world
where
you
could
scan
all
of
your
code
every
time
seamlessly
in
the
context
that
the
developers
are
working
within
using
fewer
tools
and
including
both
your
development
and
your
security
operations
teams
all
on
the
same
page,
and
while
doing
all
of
this
keep
your
compliance.
Auditors
happy.
B
With
gitlab,
we
can
automate
all
of
these
tests
and
include
them
into
every
merge
request.
You
no
longer
have
to
choose
between
risk
cost
and
agility,
because
gitlab
is
a
single
application
for
the
entire
software
development
life
cycle.
You
can
use
it
on
every
code
commit
all
of
the
tests
are
run
automatically
and
presented
in
the
context
in
which
the
developer
is
working.
The
gita
app
creates
a
complete
review
app,
so
the
dynamic
testing
of
your
your
developer's
changes
can
be
run
on
working
code
as
well.
B
This
slide
shows
you
the
10
different
stages
that
gitlab
operates
with
them,
and
it
also
highlights
some
of
the
available
security
testing
tools
that
are
part
and
parcel
of
our
ultimate
offering
including
static
application.
Security
testing,
dynamic
dependency
scanning
license
compliance
secret
detection
and
more.
B
The
key
here
is
to
have
development
and
security
working
together,
large
enterprises
that
I
speak
to.
They
all
realize
that
as
a
security
organization,
you
can
scan
and
present
results
at
nashim
until
the
cows
come
home,
but
getting
those
action
and
showing
that
burn
down,
burn
down
chart
going
in
the
right
direction.
That's
a
much
more
difficult
problem.
B
B
B
It
also
gives
you
the
ability
to
test
every
single
code
change
and
improve
your
coverage
context.
Switching
here
is
really
the
key
that
I
want
to
leave.
Folks,
with
the
cognitive
load
of
changing
from
tool
to
tool
really
slows
developers
down
and
by
doing
it
all
in
one
tool
and
presenting
these
findings,
contextually
productivity
can
be
much
better.
B
Managing
vulnerabilities,
if
there's
any
security
professionals
here
on
the
call,
I'm
sure
this
is
a
task
that
that
you
might
detest.
You
know
what
happens
if
you
uncover
a
huge
number
of
vulnerabilities
at
the
end
of
a
given
software
development
life
cycle.
Nobody
wants
to
go
back
to
their
product
manager
or
to
their
stakeholders
in
the
executive
and
explain
that
their
timelines
are
blown
because
late
in
in
in
their
development
process,
they've
uncovered
a
number
of
vulnerabilities.
B
B
Just
as
before
we
have
a
gitlab
repository
here
where
the
developer
may
be
making
a
change.
Maybe
it's
a
bug
fix
or
a
new
feature,
they'll
push
that
commit
to
the
repository
which
will
trigger
gitlab's
ci
engine,
but
at
this
stage,
just
like
before
they'll
get
their
test
results
for
things
like
unit
testing
or
otherwise.
B
They
can
also
benefit
from
a
review
app
where
an
ephemeral
copy
of
her
application
is
deployed
and
the
code
ends
up
running
as
it
would
in
a
test
environment
and
from
here
web
security
testing.
For
things
like
dynamic
application,
security
testing
can
run
developers
just
as
before,
can
then
create
or
dismiss
issues
as
these
fines
are
found.
B
This
is
where
the
developers,
compliance,
auditors,
security
professionals
and
other
stakeholders
can
collaborate
on
the
code
changes
at
hand.
Security
is
also
empowered
to
take
part
in
this
process.
Not
only
can
they
engage
within
the
merger
quest
itself
and
have
a
dialogue
about
the
the
potential
findings,
but
they
can
also
at
any
time
understand
on
a
project
or
per
group
level.
The
findings
within
it
within
different
code
posted
in
gitlab
from
there
they
can
dismiss
irrelevant
findings.
They
can
create
issues
to
perhaps
prompt
remediation
of
that
vulnerability.
B
B
Here's
kind
of
another
spin
on
the
same
idea.
This
picture
illustrates,
I
hope,
a
familiar
branching
strategy.
We
call
this
gitlab
flow,
but
here
you've
got
your
default
branch
main
or
master,
and
typically
everything
starts
with
an
issue.
That's
the
way
we
think
about
it.
They
can
lab.
So
if
the
issue
says
hey
here's
a
bug,
I
want
fixed
or
here's
a
new
feature.
I'm
proposing
from
there
a
developer
can
create
a
merch
request.
Then
they
can
start
pushing
code
changes
into
a
featured
branch
with
each
and
every
change.
B
B
To
give
you
an
overview,
the
the
vast
array
of
different
scanning
and
security
tools
that
that
makes
available
to
you.
We
always
like
to
throw
this
slide
up
here.
I
won't
read
this
ad
nation,
but
I
will
share
that.
You
know:
there's
technologies
like
sas
dast
and
even
fuzz
testing
part
and
parcel
and
included
with
gitlab.
Many
of
these
are
actually
available
as
part
of
our
core
offerings,
so
the
free
open
source
version
of
gitlab,
but
the
contextual
presentation
of
these
findings
is
really
where
the
value
out
of
gitlab
comes
in.
B
B
Your
code
is
going
to
get
built
and
packaged
up
in
a
way
that
is
potentially
deployable,
and
then
you
might
be
familiar
with
seeing
a
test
stage
with
a
number
of
parallel
jobs
that
are
testing
things
like
code
quality
and
in
this
case
we've
included
things
like
container
scanning
dependency
scanning,
license
management
and
sas.
B
In
addition
to
the
other
tests
that
the
developers
may
have
specified
after
those
tests
have
passed
successfully,
the
app
can
then
be
deployed
to
an
ephemeral,
a
short-lived
environment
as
a
review
application
and
from
there
with
every
pipeline,
you
can
run
a
dynamic
scan
of
the
application
at
runtime.
You
can
also
run
browser
performance
testing.
B
This
right
here
is
a
picture
of
a
merge
request
with
what
we
call
our
security
scanning
and
license
compliance.
Widgets
so
again
should
be
a
familiar
screen.
We're
talking
about
a
feature
branch
here
that
the
developer
was
working
on
getting
merged
potentially
to
master.
You
can
go
here
to
review
the
code
changes
themselves.
The
number
of
pipelines
run
against
those
commits
and
a
diff
against
the
files
as
relevant.
B
But
additionally,
here,
the
contextual
value
is
that
this
security
scanning
widget
here
is
shown.
So
as
part
of
this
merge
request,
the
developer
can
see
that
a
total
of
28
different
vulnerabilities
were
discovered
as
part
of
this,
this
new
feature
branch,
four
of
which
have
already
been
dismissed
but
24,
are
still
in
the
new
state.
This
empowers
developers
or
other
folks
to
review
these
and
before
approving
or
merging.
This
merge
request
action
appropriately.
B
Likewise,
with
license
compliance,
this
particular
merge
request.
Screenshot
shows
the
situation
where
two
new,
perhaps
open
source
licenses,
are
being
brought
into
the
project
by
this
change,
you
can
opt
to
then
go
into
the
manage
licenses
section
of
the
tool
to
adjust.
Perhaps
a
policy
view
the
full
report
of
the
findings
and
understand
which
licenses
are
there
or
expand
the
widget
to
drill
down
into
it?
B
Let's
talk
about
that
drill
down
capability
so
again,
we're
still
within
the
context
of
that
very
same
merge
request
here,
but
the
security
scanning
widget
has
been
expanded
and
we
can
see
here
that
this
particular
example
shows
a
number
of
different
medium
severity
findings
detected
by
the
sas
scan
that
ran
as
part
of
the
merge
request
we're
integrating
best
practices
into
this.
This
merge
request
here
we're
automating
the
security
workflows
to
help
provide
teams
an
adaptable
process
and
help
them
execute
more
quickly.
B
Beyond
the
drill
down
capability,
if
you
were
to
collect
directly
into
one
of
those
findings,
you'll
be
presented
with
what
we
call
a
vulnerability
page.
This
page
is
essentially
a
card
that
describes
the
vulnerability
itself
and
helps
give
the
developer
security
professional
more
information
about
how
to
address
this
vulnerability.
B
So
in
this
case,
there's
a
finding
here,
a
serialization
vulnerability
related
to
this
logback
core
module
that
this
particular
project
included
as
part
of
this
pawn.xml
file.
This
is
a
critical
severity
bug,
so
definitely
something
that
you
want
to
take
some
time
to
understand.
Dependency
scanning
here
was
the
scanner
that
picked
this
up.
B
It
uses
gitlab's
proprietary,
gymnasium
scanning
technology,
so,
in
addition
to
the
name
and
maybe
some
light
details
as
to
what
this
vulnerability
is,
the
picture
will
also
show
you
the
file
and
sometimes
the
line
that
the
vulnerability
was
discovered
within,
and
it
typically
will
also
link
out
to
a
number
of
different
details
about
the
bug.
So
here
we've
got
a
link
to
the
cde
database
as
well
as
the
the
page
for
the
the
log
back
core
module
itself.
B
B
B
In
select
context,
including
dependency
scanning
and
container
scanning
will
also
represent
the
opportunity
for
automatic
remediation.
So
in
this
case,
there's
a
finding
here
as
part
of
this
vulnerability
page
where
this
auto
remediation
demo
had
picked
up
the
fact
that
an
older
version
of
the
muscle
library
was
being
included
which
is
affected
by
cde
2019
14
697..
B
While
this
is
a
high
severity
bug
that
likely
or
vulnerability
that
likely
requires
addressing
the
solution
here
is
very
specific
and
prescriptive.
We
need
to
upgrade
from
the
r3
to
the
r4
version
of
the
11818
version
of
muscle
and
if,
if
the
developer
adam,
do
you
want
to
resolve
this
immediately?
We
offer
a
resolve
with
merge,
request
button
that
automatically
create
an
mr
with
the
necessary
change
to
update
that
version
of
muscle
on
their
behalf.
B
So
it's
great
that
we're
providing
developers
agency,
but
if
you're
part
of
a
security
team,
you
know
you
may
not
want
to
completely
yourself
of
the
duties
that
your
team
is
accountable
for.
So
how
do
you
get
better
visibility
into
the
security
risk
and
the
risk
footprint
of
your
your
projects
or
your
groups?
Gitlab
offers
a
functionality.
We
call
the
security
dashboard
and
this
provides
the
ability
for
you
to
quickly
understand
at
a
glance
the
risk
your
projects
or
your
groups
have
so
in
this
case.
B
The
security
dashboard
here
shows
us
a
roll-up
of
the
number
of
vulnerabilities
that
have
been
found.
You
can
change
this
from
a
30
60
to
90-day
basis
and
some
burn
down
charts
as
to
the
number
of
critical
high,
medium
or
low
vulnerabilities
present,
additionally,
for
all
the
projects
present
within
this
dashboard
view.
So
this
this
is
for
a
specific
group.
B
You
can
see
a
graded
basis,
there's
two
projects
that
would
receive
rate
of
f,
so
they
likely
have
a
number
of
critical
vulnerabilities
that
are
open
and
not
addressed
all
the
way
through
to
a
two
projects.
With
likely
no
findings
open,
you
can
drill
down.
So
if
you
were
to
expand
one
of
those
findings,
you
can
understand
here
and
click
into
the
projects
that
are
have
a
number
of
high
medium
and
low
or
critical
vulnerabilities
open.
B
The
group
security
dashboard
provides
an
overall
view
of
the
bones
of
all
projects
within
a
group
and
subgroups.
You
can
drill
down,
as
I
was
mentioned
before,
from
the
security
dashboard
view,
to
understand
the
affected
projects,
the
files
and
get
some
additional
metadata
to
help
you
analyze
the
risk.
So
here
we
can
see
for
this
particular
group
again
account
of
critical,
high,
medium
low
or
info
level,
or
perhaps
unknown
or
uncategorized
findings,
and
we
can
see
for
each
of
those
findings
which
file
it
occurs
in
and
which
which
scanner
serviced.
It.
B
Let's
talk
about
the
per
project
level.
Similarly,
this
provides
a
greater
level
of
detail
with
additional
burn
down
charts
for
you
to
understand
on
a
project
by
project
basis.
The
most
recent
security
scan
result
on
your
mainline
branch,
as
well
as
jump
into
any
vulnerability
pages
and
address
those
each
and
every
time
the
mainline
branch
is
updated.
Security
scans
are
run
as
part
of
a
separate
gitlab
pipeline,
and
you
can
additionally
specify
a
scheduled
security
pipeline
run
to
ensure
that
this
view
is
up
to
date
and
has
the
most
recent
information
about
that.
Given
project.
B
From
the
dashboard,
if
you
were
to
dive
into
this,
you
can
jump
into
a
vulnerability
page.
Just
the
same
way
I
showed
before,
and
here
this
click
through
shows
us
how
you
can
adjust
the
status
of
a
given
vulnerability.
So
in
this
case,
perhaps
this
is
a
critical
dependency,
I'm
likely
not
to
dismiss
it.
I
likely,
if
I'm
more,
like
a
security
assurance
persona,
and
I
want
to
make
sure
that
I'm
writing
the
findings
and
perhaps
giving
teams
more
actionable
feedback
as
to
what
is
actionable
and
what
is
priority
versus
what
is
not.
B
I
can
set
this
as
a
confirm
meaning
a
human
being.
Myself
has
reviewed
this
and
I'm
I'm
I'm
of
the
belief
that
this
is
a
positive
vulnerability.
We
should
do
something
to
address
it.
There's
several
different
statuses
detected.
That's
the
default
state
for
any
new
newly
discovered
vulnerability,
confirmed.
As
I
mentioned,
I'm
human
I've
reviewed
it.
I'm
confirming
it's
real.
We
should
action
it.
Alternatively,
I
can
dismiss
it
so
if
I've
seen
this
vulnerability
reviewed
it,
but
but
don't
believe
that
it
requires
action,
I
can
choose
to
dismiss
it
and
then
resolved.
B
So
when
this
vulnerability
itself
has
been
removed
from
the
code
base,
the
status
of
this
volume
will
be
changed
to
resolve
from
here.
You've
got
the
optionality
to
create
an
issue.
So
if
you
want
to
assign
a
specific
dri
or
you
want
to
have
a
conversation
with
different
stakeholders
about
what
should
be
done
to
address
a
given
vulnerability,
the
issue
is
the
right
place
to
do
that.
B
B
And
resources
and
then
we'll
likely
be
on
to
q
a
so,
I
think,
there's
about
a
10
minute
warning
before
we
get
into
q
a
so
submit
those
questions
now.
B
Like
that
high
level
slide,
I
showed
before
I
want
to
do-
I
do
want
to
spend
a
bit
of
time
talking
about
what
each
type
of
scan
is
so
git
lab
offers
static,
application
security
testing
this
these
scanners
are
actually
available
as
part
of
our
core
product,
but
if
you
want
the
merge
request
and
the
security
dashboard
functionality,
that
is
ultimate
level
functionality.
In
my
opinion,
that's
where
the
real
value
out
of
kit
lab
comes
in
so
with
sast.
B
B
B
So
what
this
will
do
is
it'll
run
against
review
app,
which
is
a
running
copy
short
lived
of
your
application,
perhaps
deployed
to
a
kubernetes
cluster,
but
there's
some
optionality
in
how
review
apps
work.
Other
scope.
For
today's
conversation,
I'll
say
you
can
optionally,
provide
http
credentials
to
test
private
areas
of
your
application.
B
B
Let's
touch
on
dependency
scanning
next,
so
what
this
can
do
is
help
scan
for
your
project's
dependencies
and
analyze
them
against
known
vulnerabilities,
so
that
muscle
example.
I
talked
to
previously
that's
a
great
example
of
dependency
scan,
so
we
support
java,
javascript
php
python,
ruby
scala
and
go
languages
when
it
comes
to
dependency
scanning.
B
B
B
B
B
Testing
so
beyond
dast
the
ability
to
detect
unexpected
behaviors
as
part
of
unexpected
inputs
of
a
runtime
application.
Fuzz
testing
can
help
you
detect
unexpected
defects
and
weaknesses
by
inserting
malformed
inputs
now
formed
inputs
into
your
application.
This
not
only
can
help
you
with
security
concerns,
but
it's
going
to
also
help
you.
You
know,
understand
the
stability
and
reliability
of
your
application,
which
can
sometimes
lead
to
exploitable
vaults.
B
B
That's
a
wrap
on
the
material
I
had
presented.
We've
got
some
other
auxiliary
material
if
folks
are
curious
to
get
into
compliance
a
little
bit
more,
but
I
think
let's
pause
and
take
some
time
for
q.
A
I've
seen
I've
seen
a
couple
of
questions
come
through
chat
and
I'll.
Ask
chris
sam
or
sean
if
you've
got
ones
you
feel
are
particularly
appropriate
for
live
discussion.
B
We've
got
the
benefit
of
almost
30
minutes
here.
To
discuss.
C
B
Oh,
that's
a
great
question
so
in
the
case
of
something
like
an
auto
remediation
for
dependency
scanning
or
container
scanning,
could
you
set
up
a
policy
to
just
auto
remediate
when
those
findings
happen?
To
my
knowledge,
that's
not
native
functionality
in
gitlab,
but
it
certainly
would
be
possible
via
our
apis.
B
B
C
B
Beyond
that,
I
would
say
where
I
am
denise's
shoes.
I'd
probably
want
a
human
being
to
review
those
merge
requests
before
they
get
pushed
to
mainline
branch.
So
there's
piece
parts
that
you
could
automate,
but
I
think
before
I
would.
I
would
fully
end
and
say
start
changing
the
dependencies
within
my
projects
and
merging
them
to
mainline.
A
And
jamie
before
we
jump
to
the
next
one,
I'm
just
going
to
go
ahead
and
pop
open
a
feedback
poll.
If,
if
the
folks
on
on
the
line
want
to
take
just
a
minute,
there's
just
a
couple
quick
questions
there,
let
us
know
how
we
did
today
and
yeah
we're
looking
forward
to
doing
more
of
these.
So
thank
you.
B
So
while
we
let
those
results
trickle
in,
I
see
another
question
that
chris
guitar
had
captured
from
an
attendee
and
they
provided
a
sample
error
from
the
license
finder,
so
our
license
scanning
job
had
run
and
provided
an
output.
That
said
quote
no
active
or
installed
package
managers
are
found
for
the
project
so
without
reviewing.
You
know
that
particular
example.
B
Personally,
the
way
that
reads
to
me
is
it's
likely.
The
project
isn't
a
language
that
our
license
scanning
supports
and
or
it's
possible
that
the
dependencies
file,
like
your
package
file,
like
a
package.json
in
case
of
no
js
project
or
a
pawn.xml
in
the
case
of
a
maven
project,
isn't
being
found
by
the
scanner
itself.
Well,
in
the
case
of
sorry,
I'm
thinking
more
about
dependency
scanning,
so
in
case
of
license
scanning.
B
Now
I
took
that
back
I'll
jump
back
to
my
earlier
answer,
which
is
which
is
really
the
license
scanning
is
going
to
look
at
all
of
your
different
dependencies
and
look
at
the
licenses
within
those,
so
it'll
depend
upon
having
that
either
a
package.json
or
another
very
similar.
You
know,
depending
on
your
language
specification
of
the
dependencies
of
the
project.
B
C
The
question
from
the
previous
question
about
license
manager-
it's
on
a
mono
rebuild.
Does
that
make
a
difference.
B
It
may
so
it's
conceivable
that
the
scanning
may
need
a
little
bit
of
additional
configuration,
and
you
know,
while
I
don't
have
a
ton
of
personal
experience
digging
through
that
in
a
monorail
context,
it's
very
possible
go
in
angular,
okay,.
B
If
you
want
a
little
more
help
with
that,
I
would
encourage
you
to
either
open
a
support
case.
If
you
go
to
support.giflab.com,
you
can
always
ask
a
question
there
as
a
subscriber
or
paying
customer
at
gitlab
and,
failing
that
feel
free
to
share
with
us
an
email,
we're
happy
to
reach
out
to
you
and
dig
into
it
ourselves
a
little
bit
more.
B
A
Yeah
that
does
it
for
me
thanks
everybody
appreciate
you
joining
and,
like
I
said,
we
will
send
out
the
follow
up
email
with
with
this
recording
linked.
So
you
have
access
to
that
in
the
future
and
hope
you
have
a
good
rest.
Your
day.