►
From YouTube: Hands On GitLab AI in DevSecOps Workshop, AMER Time Zone
Description
Review the hands-on GitLab AI workshop where we will explore Artificial Intelligence and how it fits within the DevSecOps lifecycle. In this session, we cover foundational implementation and use case scenarios such as Code Suggestions and Vulnerability Explanations
A
A
Chat
just
in
case,
if
you
haven't
joined,
I,
went
ahead
and
added
the
sign
up
link
for
anybody
who
might
not
have
an
account.
You
will
need
that
account
in
order
to
access
this
environment
and
you
will
have
access
to
the
environment
for
48
hours,
so
also
something
to
keep
in
mind.
If
you
just
want
to
watch
for.
A
In
again,
if
you
just
join,
definitely
set
up
a
gitlab.com
user
account,
if
you
don't
have
one
already,
this
will
be
required
to
access
the
workshop
environment
and
I'm,
probably
just
GNA,
go
ahead
and
get
started
now.
Yeah
again,
if
you
don't
have
currently
a
working,
gitlab.com
account
definitely
go
ahead
and
sign
up.
I
did
drop
it
in
the
chat.
Here.
Oh
no,
wait!
Let
me
redrop
it
I,
don't
think
I
shared
it
to
everybody
me
just
a.
A
A
A
A
Setup
this
next
section
of
the
lab
is
vital
for
you
to
complete
the
Hands-On
exercise.
The
group
we
have
you
redeem
it.
It
comes
with
an
attached
ultimate
license
so,
and
that
comes
with
shared
Runners
and
all
the
AI
capabilities
turned
on.
So
you
need
to
use
that
provided
group
and,
at
the
end
of
the
workshop,
we'll
provide
instructions
on
how
to
move
that
project
into
your
own
name,
space
for
for
reference
for
later.
A
A
In
gabd
demo.com,
so
you
want
to
go
there
and
we'll
kind
of
walk
through
how
how
we
set
that
up
so
go
ahead
and
open
up
your
favorite
browser
head
over
to
gab,
demo.com
and
you're,
going
to
see
a
button
there
that
says
redeem
this
invitation
code.
So
that's
going
to
be
the
code
that
you
use
that
I
dropped
in
the
chat.
A
A
Problems
when
you
put
in
your
invitation
code,
it's
going
to
ask
you
for
your
gitlab.com
username.
Again,
that's
going
to
be
that
username
that
we
pulled
from
the
profile
in
the
previous
instruction
there,
just
without
the
ad
symbol,
so
just
exclude
the
ad
symbol,
throw
it
in
there
and
you'll
be
able
to
then
from
there.
Click
on
provision,
training.
A
Environment
once
you,
click
on
provision,
training,
environment,
you'll,
see
this
this
this
popup.
Here
it's
going
to
look
similar
to
this
and
it's
essentially
from
there
you
can
go
and
click
on.
My
group
and
it'll
put
you
into
your
provision
group
and
that's
going
to
look
similar
to
this
screen
here.
Essentially,
it's
going
to
say
my
test
group.
It's
going
to
be
followed
by
like
a
a
hash
of
you,
know
just
letters
and
numbers.
So
just
keep
that
in
mind.
A
A
A
There
is
that's
gonna,
be
the
www
G
laab,
demo.com
and
yeah
that
invit
invitation
code
that
Chris
posted
that's
going
to
be
the
the
code
that
you'll
use
so
we'll
go
ahead
and
get
started.
If
you
continue
to
drop
m
Mes
in
in
the
chat,
if,
if
you're
running
to
any
issues
or
anything
like
that,
our
panelists,
Chris,
Kari
and
Steve
Graham
will
be
able
to
help
you
out
so
we'll
start
off
with
you
know
just
kind
of
a
brief.
You
know
look
into
AI
in.
A
Gitlab,
so
gitlab
is
the
most
comprehensive
AI
powered
Enterprise
death,
seic
Ops
platform.
Our
vision
is
clear:
We
Believe
AI
should
be
integrated
throughout
this
software
development
life
cycle,
so
everyone
can
leverage
it
within
their
roles.
We
also
believe
the
responsible
use
of
AI
is
in
the
context
of
privacy
first,
so
that
our
our
our
customers
can
protect
their
in
intellectual
property.
A
We've
Incorporated,
you
know
one
incorporated
into
the
single
Dev
SEC
Ops
application
like
gitlab
AI
amplifies
the
benefits
of
a
platform
approach
and
teams
have
greater
visibility
and
and
metrics
developers
spend
less
time
content.
Tech.
Switching
from
task
to
task
security
and
compliance
measures
are
a
little
more.
You
know
a
lot
more
Rob,
robust
10x
and
Business
Leaders
gain
more
efficiency
U
by
reducing
Tool
spr
alll.
When
delivered
through
that
single
application,
we
believe
AI
will
result
in
a
10x
Improvement
in
the
workflow
efficiency.
A
A
The
you
know
it
helps
adep
SEC,
Ops
teams,
deliver
software
faster
and
more
reliably
improve
security
with
AI
IML
that
can
help
identify
and
mitigate
potential
security
threats
that
way
by
you
know,
analyzing
data
patterns
and
behavior,
Can,
automate
security,
testing
and
Analysis,
and
that
can
help
power
faster
and
more
accurate
detection
and
Remediation
of
those.
Those
vulnerabilities-
and
you
see
on
this
this
little
circular
graph
here,
we'll
continue
on
to
enhance
quality
assurance.
A
Aiml,
can
help
automate
quality
assurance
processes
by
analyzing
data
patterns
and
identifying
potential
issues
in
the
code
that
leads
to
faster
testing,
fewer
bugs
and
higher
quality
software.
And
then
we
get
on
go
on
to
intelligent
monitoring
and
alerting
with
AIML
that
can
help
monitor
systems
in
real
time
analyze.
Data
from
logs
alerts,
other
other
sources
to
detect
anomalous,
behavior
and
potential
security
threats,
and
then
Predictive
Analytics
with
AIML.
A
Critical,
so
we've
been
rapidly
innovating
in
AI
to
help
everyone
involved
in
the
software
development
life
cycle.
So
far,
we've
created,
you
know
essentially
released
issues.
Oh
I'm,
sorry
released
capabilities
such
as
code
suggestions,
suggested
reviewers,
and
this
helps
developer
teams
be
more
efficient
and
reduce
their
cognitive
workload.
A
Cycle
we
at
gitlab.
We
know
that
privacy
is
a
concern,
especially
at
the
Enterprise
level.
That's
why
we're
taking
a
privacy
first
approach
to
designing
these
AI
assisted
capabilities.
Our
single
application
is
Enterprise
ready,
allows
you
to
scale
as
you
need,
without
compromising
on
comp
compliance
and
security,
we're
building
AI
capabilities
with
IP
protection,
privacy
and
compliance
in
mind,
for
example,
with
Co
suggestions.
A
So
protecting
the
privacy
resource
code
is
the
top
priority
for
us
When
developing
these
features,
unlike
other
AI,
assisted
coding
techniques.
Our
code
suggestion
feature
Works
natively
within
gitlab.
Customer
source
code
does
not
have
to
leave
the
gitlab
instance
and
it's
not
used
to
retain
generic
multic
customer
code
generation
models
or
anything
like
that.
This
key
principle
will
stay
our
number
one
priority
as
we
continue
to
develop
these
new
features
within
AI
ml
space.
A
Our
future
goals
with
AI
is
to
enhance
our
def
Ops
platform
by
automating
mundane
tasks
across
the
software
development
life
cycle
with
workflow
automation,
including
assigning
labeling
and
summarizing,
reducing
the
risk
to
insecure
coding
practices
by
automatically
detecting
and
helping
to
remediate
Cod
quality
and
security
vulnerabilities
with
intelligent
code
security,
augmenting
developers
with
you
know,
generative
code
suggestions,
while
writing
reviewing
and
fixing
code.
These
are
just
some
of
the
the
ways
we
plan
to
enhance
our
the
def
Ops
platform.
A
Other
future
goals
consist
of
helping
customers
develop
their
own
AIML
applications
Faster
by
supporting
AI
workloads.
This
includes
enabling
data
science
teams
to
work
seamlessly
within
the
G.
The
gitlab
platform,
with
better
support
for
python
notebooks
and
GPU
runners,
GPU
Runners,
were
recently
released,
so
there's
going
to
be
more
updates
to
come
and
improving
handoffs
between
data
science
teams
and
Dev
SEC
op
seams
with
a
with
an
a
native
gitlab
model
registry,
is
another
thing
we're
looking
into
as
well.
A
I'll
be
posting
some
information
around
our
road
map
links
later
on,
so
we're
going
to
go
forward
into
the
Hands-On
exercise.
Just
kind
of
just
give
you
a
a
brief
in
introduction
how
it
looks
in
practice,
so
we've
done
the
lab
setup,
U,
we've
kind
of
gone
over
Ai
and
gitlab
briefly,
and
now
we're
going
to
go
ahead
and
go
into
the
Hands-On
exercise.
A
Portion
all
right,
and
so
like
I,
said
before
it's
vital
that
you
know
you
have
the
setup
correctly.
As
far
as
you
know,
with
with
the
codes
username
that
we
discussed
earlier,
the
AI
capability
is
going
to
be
turned
turned
on,
however,
within
you'll
have
48
hours
to
continue
to
come
back
and
try
it
out.
That's
because
you
know
with
the
with
the
the
models
that
do
take
time
to
train.
A
Content
I
do
recommend
that
you
set
up
your
desktop
with
two
windows
like
we
see
here,
which
I'll
show
you
kind
of
how
it
looks
on
my
end
as
well,
but
setting
up
you
know
those
screens
in
a
matter
in
which
you
can
kind
of
work
side
by
side
simultaneously
would
be
ideal
because
we
will
be
following
along
with
the
gitlab
issue,
while
actually
working
within
our
environments.
If
you
have
multiple
screens,
definitely
take
advantage
of
those
as.
A
Well,
so
we're
going
to
go
ahead
and
Fork
the
workshop
material,
if
you
do
prefer
a
direct
import
from
a
local
local
archive,
we'll
go
over
some
brief
instructions
on
how
to
do
that.
But
I'll
just
go
ahead
and
show
everybody
how
to
Fork
it
directly
into
their
group.
Their
test
groups
so
go
ahead
and
click
on
the
workshop
project
link
that
was
in
the
chat
and
what
you're
going
to
do
is
click
on
the
fork
button
here
at
the
top
right
I
went
to
encircle
that
in
red.
A
It's
click
on
that
and
it's
going
to
bring
you
over
to
the
the
the
fork
page,
at
which
point
you
want
to
go
ahead
and
search
for
that
group.
Id
that
you
took
note
of
earlier.
The
my
test
group
is
followed
by
a
unique
ID.
If
you
go
ahead
and
paste
that
in
there
that'll
allow
you
to
find
your
group,
your
group
session
a
lot
easier
or
your
session
so
from
there
you'll
go
ahead
and
type
that
in
I
I'll
be
kind
of
walking
you
through
it
as
well.
A
Project
so
once
that
forecast
completed,
you'll
have
your
own
very
own
copy
of
that
Workshop
project
and
that's
going
to
be
located
in
your
demo
lab
area.
If
you
go
ahead
and
remove
the
fork
relationship
by
you
go
to
the
within
that
project,
you
go
down
to
the
settings
General
and
then
scroll
down
to
where
it
says
Advanced
and
you
go
and
expand
that
you'll
see
an
option
there
for
removing
the
fork
relationship
again,
I'm
going
to
walk
through
these
steps
on
my
own
setup
here.
A
A
A
And
again,
what
I
did
was
I
I
pasted.
My
group
ID
here
on
the
project.
Url
drop
down
that
then
automatically
you'll,
see
your
session.
Id
appear
the
session.
Id
is
essentially
going
to
be
the
the
redemption
code
that
we
used
and
then
our
group
IDs
are
going
to
be
the
unique
ID
that
follows
we're
going
to
leave
it
as
private,
we'll
leave
the
slug
the
same
leave
everything
else
default
and
click
on
Fork
project.
A
So
you'll
see
your
fork
project
Ai
and
Def
SEC
Ops.
So
what
you're
going
to
want
to
do
do
now?
If
you
haven't
done
it
yet
is
we're
going
to
go
ahead
and
remove
the
forth
relationship
which
I'll
go
ahead
and
walk
through
those
steps
here?
So
there's
a
sidebar.
If
you,
if
you're
new
to
gitlab
the
sidebar,
is
by
Default
hidden
so
up
here
at
the
top
you'll
see
a
little
I
mean
looks
like
basically
like
a
little
icon.
A
That
looks
like
a
sidebar
you
going
to
click
that
and
that'll
allow
you
to
to
utilize
the
sidebar
here,
and
it
also
keeps
it
kind
of
stuck
on
the
screen.
You
know
kind
of
keep
on
top
there,
but
if
you
click
it
again,
it
will
hide
it
by
again
by
default.
It
is
hidden,
so
you
have
to
go
ahead
and
bring
it
out.
You
don't
have
to
click
it
it'll
it'll
kind
of
slide
out
when
you
hover
over
it.
A
A
General
and
you're
going
to
scroll
down
to
Advanced
and
click,
expand
and
then
you're
going
to
scroll
down
further
on.
So
you
see
the
remove,
remove
Fork
relationship
and
that's
going
to
be
right
before
the
delete
project,
but
so
it's
going
to
be
remove
Fork
relationship
and
it's
going
to
ask
you
to
type
in
the
name
of
the
slug
there,
which
you
can
just
go
and
copy
and
paste
it
and
we'll
hit
confirm
up
at
the
top.
You
will
see
a
notification
that
lets.
A
You
know
that
the
relationship
has
been
removed,
so
we
can
go
ahead
and
close
that
out
and
then
using
the
breadcrumbs
at
the
top
we'll
go
back
to
the
AI
and
Dev
SEC
Ops.
That's
within
our
test
group,
then
quick
note!
You
know
you
can
use
the
the
breadcrumbs
up
here
at
the
top
to
be
able
to
go
back
and
forth
between
different
sections
of
the
path.
A
A
Again,
I
do
recommend
that
you
have
two
windows
opened
up
side
by
side
that
allow
you
to
more
efficiently
follow
along
or
if
you
have
multiple
screens
go
ahead
and
utilize,
those
as
well.
So
the
goal
of
this
Workshop
is
to
give
you
a
look
into
all
the
features
the
gitlab
AI
team
has
been
developing,
but
not
just
Cod
suggestions.
We've
put
a
big
emphasis
on
trying
to
help
Developers
throughout
the
entire
software
development
life
cycle
and
not
just
coding
tasks.
A
Many
of
these
features,
please
note
that
you
know
many
of
these
features
are
still
in
experimental
phase,
so
that
means
they're.
They
may
be
prone
to
some
certain,
maybe
outages
or
certain
hiccups,
as
the
dev
team
is
actively
working
on
enhancing
them,
so
updates
are
being
constantly
pushed.
If
you
know
gab,
we
do
consistently
update
our
product
and
again
it
is
in
an
experimental,
pH
phase,
which
I'll
kind
of
elaborate
on
here
shortly.
A
If,
if
if
this
occurs-
and
you
don't
see
a
particular
feature
or
a
feature
live
here
today-
that
you
hope
to
see
just
reach
out
to
your
account
team
as
well-
and
it
can
provide
you
with
recordings
and
any
additional
information,
otherwise,
you
will
also
have
access
to
this
environment
for
48
hours,
so
I'll
go
ahead
and
open
up.
This
link
here
kind
of
provides
you
some
information
around
the
experimental
state
of
of
features.
So
definitely
take
a.
U
take.
A
Take
you
know
note
of
that
and
keep
in
mind
that
each
of
these
feature
or
a
majority
of
these
features
is
going
to
be
in
still
an
experimental
phase,
but
I
just
wanted
to
give
you
a
a
sneak
peek
into
how
everything
works
in
practice.
If
you
didn't
Fork
the
project
earlier
and
you
preferred
to
import
the
project
using
a
an
import
file,
Step
Zero
will
walk
through
the
steps
of
importing
that
project.
A
Again,
if
you
walk
through
the
steps
of
forking
the
project
that
I
just
showed
here,
you
won't
need
this
Step
Zero.
However,
if
you,
if
you
would
like
to
go
ahead
and
import
it
directly,
there
is
a
link
here
to
the
last
export
and
you
can
go
ahead
and
follow
these
steps
to
import
that
project
as
well.
So
we'll
go
ahead
and
start
at
step.
One
all
of
the
AI
features
have
already
been
enabled
at
the
top
group
level.
A
So
now
we
just
need
to
enable
it
for
ourselves.
Typically,
you
would
actually
enable
these
features
at
the
top
level.
The
top
level
Group,
which
you
know
again,
has
already
been
done
here.
We
won't
be
walking
through
those
particular
steps
in
this
case,
but
definitely
keep
note
of
the
link
here.
That
kind
of
goes
over,
enabling
these
features
for
self-managed
as
well
as
for
SAS.
So
that's
with
code
suggestions.
You
know
there
are
the
code.
Suggestions
has
its
own
settings,
so
you
enable
those
you
know
through
these
links.
A
Them
so
we'll
go
ahead
and
complete
this
step,
make
sure
that
we
complete
step
one.
Otherwise,
Cod
suggestions
will
not
work
for
you
later
on.
So
in
the
top
left
corner
of
the
pro
of
the
of
the
screen.
Here
is
going
to
be
your
profile,
icon,
I'm,
going
to
open
this
up.
If
we
open
up
the
sidebar
you'll
see
that
you
have
a
your
profile
icon
here
on
the
top
right
of
that
sidebar.
If
you
click
on
that,
you'll
then
be
able
to
see
your
preferences.
A
So
essentially
it's
going
to
be
your
profile
drop
down
and
you're
going
to
go
ahead
and
control
click
or
command
click.
The
preferences
that'll
open
up
in
a
different
tab.
That
way
you
can
kind
of
easily
switch
back
as
needed,
but
essentially
what
you're
going
to
do
from
here
is
you're
going
to
scroll
down.
Oh
wait:
you're
going
to
scroll
down
to
code
suggestions
and
you're
going
to
make
sure
that
the
enable
code
suggestions,
checkbox
is.
A
Checked
once
you
enable
that
you're
going
to
click
on
Save
changes,
I've
already
done
it
within
this
environment,
however,
just
just
ensure
that
it's
enabled
there
and
just
click
on
Save
changes
once
you've
enabled
it
and
you'll
get
a
prompt
here
at
the
top
indicating
that
it
has
been
saved.
So
we
can
go
and
close
this
tab
out
since
we
opened
it
up
separately.
A
A
Chat
and
So
within
gitlab
Duo
chat.
These
responses
are
generated
by
Ai,
and
so
what
you
can
do
from
here
is
ask
a
question.
Along
of
you
know,
where
are
my
I'm
I'mma
paste
this
question
here?
Where
can
I
find
my
running
pipelines?
This
is
going
to
pertain
to
all
gitlab
related
questions,
and
it
will
provide
you
with
sources
as
well,
so
I'm
g
go
Ahad
and
type
that
in
again
keep
in
mind
these
are
experimental
phase.
A
So,
if
you
get
a
non-answer
or
anything
along
those
lines,
try
again
in
a
few
minutes
also,
you
have
48
hours
to
kind
of
play
around
with
it
as
well.
In
this
case,
I
did
get
a
response
here
and,
and
it
gives
you
kind
of
the
instructions
on
kind
of
how
to
how
to
go,
go
through
to
the
pipelines,
as
well
as
some
additional
information
and
the
source
documentation
as.
A
A
A
A
Refresh
while
this
pipeline
is
running,
we're
going
to
go
ahead
and
go
over
some
of
the
other
features
here
as
well.
In
fact
we're
going
to
ask
the
AI,
so
it
looks
like
okay,
so
it
looks
like
it
did:
go
ahead
and
drop
the
JavaScript
in
a
pre-formatted
box,
so
that's
just
kind
of
an
example
of
the
different
ways
that
you
can
use.
A
A
A
All
right
cool,
so
that's
going
to
be
the
docs
page
for
the
gitlab
duo.
Gitlab
Duo
is
essentially
the
AI
assisted.
You
know
feature
set
that
goes
across
the
dev
SEC
Ops
platform.
These
features
they
aim
to
help
increase
veloc
velocity
and
solve
key
pain
points
across
the
software
development
life
cycle,
and
there
is
a
pretty
cool
chart
here.
That
kind
of
goes
over
the
particular
feature.
A
The
purpose
of
the
feature,
the
large
language
model
context,
current
availability,
as
well
as
maturity,
so
as
of
now
suggested
reviewers
is
in
general
availability.
However,
you'll
notice
that
the
remaining
features
here
are
still
majority
in
experimental
phases.
We
have
code
suggestions
in
beta
vulnerability,
summaries
and
beta.
So
definitely
you
can
keep
track
of
these
from
here.
I
recommend
checking
back
with
this
page
as
a
kind
of
a
a
central
point,
because
we
will
be
updating
this
documentation
consistently
as
we
continue
to
develop
these
features.
A
C
A
C
A
C
A
Yeah
for
sure,
for
sure
yeah
this
is
something
that
should
be
accessible
from
the
help,
but
again
yeah
with
this
being
experimental,
it's
possible
that
some
some
may
see
it
and
some
may
not
looks
like
is
it?
Is
there
only
one?
Let's
see
I
only
see
one
person
right
now
that
can't
ACC
is
anybody
else
not
able
to
access
it.
I'm,
not
sure
if
this
is
an
isolated.
C
C
C
A
For
sure
so,
I'll
yeah
we'll
definitely
take
that
with
the
product
team
and
and
look
into
that
again.
You'll
have
access
to
this
environment
for
48
hours,
so
we
we'll
be
looking
into
that
and
Additionally
you
can
reach
out
to
your
account
account
executive
to
get
additional.
You
know
demos
or
anything
like
that
and
kind
of
follow
up
with
you
there
as.
A
Well,
so
what
we'll
do
with
that?
I
guess?
Let
me
go
ahead
and
pull
this
up
one
more
time
that
way
everybody
can
kind
of
see,
that's
not
able
to
access
it
going
back.
Essentially,
what
I
did
I
asked
the
gab
Duo
a
couple
questions
around
how
to
find
pipelines,
at
which
point
the
the
typical
format
is
that
it
will
give
you
a
a
quick
blurb
of
what
your
answer
to
your
question
and
it'll
provide
you
with
a
source
generally.
So
in
this
case
it
did.
A
You
know
kind
of
tell
you
how
to
find
those
pipelines,
and
it
brings
you
to
the
pipeline
documentation
and
U
some
some
questions.
You
know
again,
once
you
get
access,
you
will
see
some
of
them.
You
know
again,
it's
experimental.
You
you'll
get
varying
answers
at
times
times,
but
if
you
ask
again,
you
may
get
a
different
answer
again
here.
A
We're
get
looking
at
the
write,
a
tic
tac
toe
game
in
JavaScript,
which
it
looks
like
it,
went
ahead
and
kind
of
spit
out
some
code
here
in
a
code
block
that
you
can
just
kind
of
copy
into
your
projects
to
kind
of
play
around
with
as
well.
So
you
can
ask
questions
around
code,
Generation
documentation
and
various
SK
laab
related
questions
as
well
and
get
related
questions
again.
A
Which
I
I
may
have
posted
earlier,
but
I'll
just
drop
it
now
just
so
that
way,
everybody
can
kind
of
keep
track
of
these
particular
features.
Again.
This
page
will
be
consistently
updated
as
we'll
see.
U
you'll
have
all
the
the
feature,
documentation
purposes
and
additional
details
around
maturity
included
there
as.
A
Well,
so
we'll
go
ahead
and
move
forward
and
take
a
look
at
our
pipelines,
make
sure
that
they've
completed
essentially
to
access
to
pipelines.
If,
if
you're
new
to
gitlab,
you
go
to
build
and
then
pipelines,
then
the
most
recent
pipeline
will
appear
with
on
on
this
screen
here
the
hash
symbol
this
this
hash
number
here
is
going
to
be
essentially
the
pipeline
ID.
It's
going
to
look
different
based
on
how
how
how
much
you
have
your
screen
condensed.
A
So
it
may
look
like
this
or
you
may
look
like
this,
so
it's
going
to
be
the
same
information.
So
if
you
see
something
different
you're,
not
on
the
wrong
page,
it's
just
you
might
might
just
have
a
different
view,
so
we
go
and
click
on
that
little
hash
number
here,
and
so
we
have
a
completed
pipeline
here
which
will
kind
of
move
forward
in
the
workshop
here
with
this
information.
A
So
again,
it's
kind
of
a
typical
pipeline
has
a
build
and
test
processes
and
we
have
the
the
needs
each
in
individual
job
here,
as
well
as
like
progress,
is
going
to
be
listed
here
as
well
as
well
as
tests
and
security.
This
particular
pipeline
did
find
some
vulnerabilities,
which
going
to
be
looking
into
here
in
the
next
step
step.
A
Three
remember
within
gitlab,
you're
able
to
run
your
pipelines,
look
at
the
each
individual
job
run
tests
as
well
as
have
a
a
nice
little
output
of
all
the
security
vulnerabilities
that
may
pertain
to
that
particular
pipeline
run
and
then
from
here
you
can
go
ahead
and
create
issues,
get
more
information,
dismiss
vulnerabilities
and
you
know
open
them
up
to
get
kind,
some
additional
information
and
and
all
from
one
single
painted
glass.
So
in
this
case
we
did
find
a
SQL.
You
know
typical
SQL
injection,
a
basic
SQL
injection
vulnerability
here.
A
This
will
give
you
a
nice
little
blurb
and
some
information
around
you
know
where
it
was
found
and
the
different
identifiers
that
were
used
to
find
it
and
from
here
again
you
can
dismiss
vulnerability.
You
can
create
issues
from
that
from
this
vulnerability
and
and
get
more
information
on
the
oasp
information
as
well,
which
we'll
kind
of
go
further
into
this
U
with
step
three.
So
we've
we've
gone
through
some
of
step.
A
Secure
and
then
vulnerability
report
and
that's
going
to
give
us
the
four
report
and
once
in
the
vulnerability
report,
we're
going
to
click
on
any
of
those
particular
vulnerabilities.
So
I'll,
just
you
know,
start
with
the
first
one
up
here
looks
like
they're
all
SQL
injection
issues,
so
we're
going
to
click
on
the
first
one
and
again
this
is
generally
the
same
window
that
or
the
previous
window
I
pulled
up
was
more
of
a
summary.
This
is
going
to
be
the
actual
vulnerability
itself
So
within.
A
So
what
we're
doing
is
kind
of
scrolling
down
we
found
out.
It
is
a
SQL
injection
vulnerability,
but
where
we're
where
we're
at
now
is
scrolling
down
we're
going
to
click
on
the
explain,
vulnerability
button.
So
within
the
explain
this
ability
section.
What
we're
going
to
do
is
go
ahead
and
send
code
with
the
prompt
and
again
that's
going
to
send
some
source
code,
and
it
gives
you
the
the
option
to
deselect
it
as
well.
But
in
this
case
we're
just
going
to
go
ahead
and
send
it
in
this.
A
A
Feature
not
enabled
okay,
so
it
looks
like
is
anybody
else?
Getting
that
error
feature
is
not
enabled
or
resource
is
not
permitted.
Okay,
so
what
it
looks
like
is,
there
may
be
a
slight
delay
in
enabling
some
of
these
features,
so
it
could
take
up
to
yeah
just
like
Steve
posted
there.
It
could
take
up
to
an
hour
so
again,
you'll
have
access
to
this
environment
for
48
hours,
so
you'll
be
able
to
kind
of
continue
to
play.
A
A
We
apologize
for
the
delay
but
looks
like
there
may
have
been
a
a
recent
change
where
it
may
take
about
up
to
an
hour
for
that
to
update
for
everybody's
permissions,
so
I'll
go
ahead
and
kind
of
do
a
demonstration
of
it
here,
essentially,
as
I
explained
earlier,
you're
going
to
go
down
to
the
explain,
vulnerability,
we're
going
to
go
ahead
and
send
code
with
the
prompt.
This
is
the
prompt
that
we're
sending
and
so
we're
going
to
click
on,
explain
this
vulnerability
or
explain
vulnerability.
A
Response
all
right
so
here
we're
going
to
see
that
the
response
from
the
AI
kind
of
goes
a
little
further
into
what
the
specific
vulnerable
code
was.
So
it
grabs
that
particular
section
of
code-
and
this
will
then
kind
of
give
you
an
explanation
of
how
an
attacker
can
take
a
advantage
of
that
particular
vulnerability
and
then
we'll
have
a
how
to
fix
section
here
for
fixing
the
vulnerability
in
question
again.
These
are
experimental.
A
Even
today
think
there
looks
like
there
were
some
updates,
so
some
of
these
responses
are
a
little
different.
So
so
this
definitely
is
going
to
be
a
useful
for
developers
to
kind
of
U
look
at
specific
sections
of
code
that
are
that
are
enabling
errors
to
occur
alerts
and
then
it'll
tell
you
how
to
fix
it
and
why
it's
an
issue
in
this
case
it
is
going
to
be
a
SQL
vulnerability.
That
typically
goes
it
kind
of
centers
around
the
neutralization
aspect.
A
So
from
here
there's
a
query:
that's
actually
taking
user
input
and
running
a
query
using
that
user
input
and
when
it's
executing
the
query,
it's
not
actually
neutralizing
any
of
the
specific
sections
that
are
needed,
just
a
basic
SQL
injection.
So
in
this
case
an
attacker
could
potentially
put
in
some
type
of
true
statement
that
would
then
allow
them
to
put
whatever
us
name.
They
wanted
and
still
be
able
to
get
past
that
that
login,
prompt
or
anything
along
those
lines.
A
That's
going
to
be
through
the
use
of
parameterized
queries
and
what
that
means
essentially
is
here.
If
we
look
at
the
query,
it's
it's.
It's
a
little
bit
different
from
what
it
was
before,
where
it's
not
solely
relying
on
that
user
input
per
se,
but
it
is
actually
pulling
the
user,
the
the
particular
section
of
the
user
us
input,
that's
needed
to
to
then
concatenate
with
that.
A
So
with
that
I'm
go
ahead
and
expand
out
the
instructions
here
now
that
we
know
kind
of
how
to
fix
the
issue,
we're
going
to
go
ahead
and
kind
of
use.
This
knowledge
here
shortly
in
the
in
the
in
the
rest
of
the
workshop,
so
I'm
going
to
go
ahead
and
step
three.
Let's
go
ahead
and
Mark
that
off
and
we're
going
to
go
down
to
step
four,
and
so
what?
A
If
we
wanted
more
context
about
the
specific
function
function
that
we
had
above
before
we
went
to
go,
make
the
code
change.
So
essentially,
what
we're
going
to
do
is
I'll,
go
ahead
and
scroll
up
within
the
alert,
the
actual
report
and
the
file
location
here,
we'll
give
you
some
a
direct
link
to
where
that
code
was
found.
So
I'm
going
drop
in
here,
real.
A
A
All
right
cool,
so
we
went
ahead
and
dropped
in
to
the
the
code,
specifically
where
it
was
triggering
that
alert
for
this
particular
report
or
this
particular
error.
In
this
case,
it's
line
73,
where
we're
executing
the
query
same
situation,
where
we
have
a
SQL
query
here,
but
we're
taking
direct
user
input
and
using
that
with
the
to
to
basically
fill
out
that
particular
query
which
can
be
dangerous
depending
on
on
how
it's
written.
A
So
in
this
case,
what
we're
going
to
do
is,
if
you
scroll
down
within
that
file,
I'm
going
to
go
ahead
and
kind
of
show
how
it
looks
when
you
get
to
explain
this
code
section.
So
what
we'll
do
is
go
ahead
and
from
the
end
of
the
function
to
the
beginning,
we'll
just
highlight
that
whole
function.
The
create
note,
is
what
we're
looking
at
in
this
case.
Once
you
highlight
that
you'll
see
a
a
little
question
mark
show
up
here
on
the
left.
A
You
and
once
that
is
clicked,
you'll
see
the
code
here
at
the
top
and
then
you'll
actually
see
an
explanation
of
what
that
code
is
doing
again.
This
is
something
that
can
help
developers
with
kind
of
streamlining
their
workflow.
It
may
be
a
developer,
that's
reading
code
that
they're,
just
you
know,
barely
you
know.
Looking
into
for
the
first
time
there
may
be
certain
sections
they
would
like
to
kind
of
get
more
clarification
on
or
kind
of
help
them
with,
with
with
kind
of
perusing
particular
code
base.
A
A
Hours
so
at
this
point
we're
fully
aware
of
why
and
how
our
SQL
injection
vulnerabilities
occurring
so
in
the
next
SE
section,
what
want
to
use
the
Cod
suggestions
to
fix
it
and
there's
going
to
be
some
contextual
links
here
within
the
this
issue
that
are
definitely
worth
taking
a
look
at
right
now,
with
this
section.
There's
a
link
here
to
application
security,
definitely
recommend
checking
that
out.
A
That's
something
that
kind
of
go
over
application,
Security
in
in
gitlab,
as
well
as
a
there,
a
video
here
that
kind
of
goes
over
a
quick
overview
around
that
as
well
and
some
additional
information.
That
would
be
definitely
useful
for
your
team
to
kind
of
get
a
better
idea
of
how
vulnerabilities
are
are
checked
for
and
resolved
in.
A
Four,
so
now
that
we
have
more
context
around
the
SQL
injection
vulnerability,
let's
go
ahe
and
try
to
fix
it
and
do
some
development
with
the
gitlab
code
suggestions.
So
before
before
we
make
any
code
changes,
we
want
to
make
create
a
merge
request
to
track
our
work,
so
we're
going
to
use
the
left-and
navigation
and
go
to.
A
A
A
A
A
A
B
A
That
all
right,
and
so
now,
what
we're
going
to
do,
we're
going
to
go
ahead
and
push
this.
However,
I
also
want
to
demonstrate
the
code
creation
side
of
things
as
well
to
do
that.
We're
going
to
right
click
on
notes
and
we're
going
to
click
on
new
file
and
we're
going
to
build
a
calculator.
I'm
G
drop
it
in
here.
Let
me.
B
A
So
we're
in
the
calculator
now,
whenever
you're
in
the
the
new
file
you're
going
to
want
to
put
in
a
the
the
hash
code.
Here,
it's
basically
going
to
be
the
prompt,
but
we're
going
to
use
the
the
hash
symbol
to
kind
of
spill
out.
Our
prompt
you
can
put
in
you
kind
of
whatever
here,
as
you
kind
of
play
around
with
it,
but
in
this
case
we're
going
to
go
ahead
and
Define
a
calculator
class
that
other
functions
can
call
and
we'll
hit.
A
Enter
again,
this
is
an
experimental
state,
so
you
may
get
varying
results,
but
typically
this
generally,
what
it'll
do
is
go
and
you
know
Define
different
functions
within
this
calculator
class
and
automatically
kind
of
start
adding
what'll
happen
is
it
will
continue
to
iterate
and
keep
keep
adding
As
You
tab
through
it,
so
we'll
go
and
hit
Tab
and
keep
contining
to
hit
Tab
and
it'll
keep
defining
different
functionality
of
this
calculator.
It
can
go
on
for
some
time,
so
just
you
know
play
around
with
that.
A
You
can
stop
at
any
time,
and
kind
of
you
know
continue
to
play
around
with
it,
but
that's
just
kind
of
to
give
you
an
idea
of
how
that
looks
in
practice.
So
I'll
go
ahead
and
kind
of
throw
a
couple
more
functions
in
here,
but
it'll
keep.
You
know
essentially
defining
different
function,
ity
of
that
calculator
from
all
the
basic
arithmetic
down
to
the
more
advanced
functions
here
as
well.
So
just
something
again
keep
in
mind,
as
that
will
give
you
an
idea
of
how
that
works
in
practice.
A
A
It's
going
to
write
a
pretty
in-depth
calculator
class
for
you,
so
what
we're
going
to
do
now
is
going
to
go
and
click
on
the
source
control
button
on
the
side
once
we
click
on
that
we're
going
to
click
on
commit
to
AI
test,
and
this
again
was
just
a
quick
demonstration
on
how
it
would
look
in
practice
or
some
a
particular
use
case
for
using
the
Cod
suggestions.
But
in
this
case
what
we
did
is
we
went
ahead
and
fixed.
A
Five
and
for
the
new
merge
request
we're
going
to
leave
all
the
defaults,
and
so
what
we're
doing
now
is
within
this
merg
Quest.
We
see
that
the
pipeline
is
running
and
we're
also
see
that
there
is
a
AI
generated
summary
here.
If
we
expand
this,
let
me
see
there
we
go.
We
expand
this
out.
This
AI
generated
summary
will
give
you
kind
of
a
brief
overview
of
what
was
done.
A
So
definitely
take
note
of
that,
as
well
as
when
you
scroll
down
you'll,
see
that
there
is
a
here
where
it
says
edit
commit
message.
Again,
that's
going
to
be
the
the
Second
Step
here,
but
if
you
click
on
edit
commit
message,
you
have
an
option
to
create
an
AI
generated,
commit
message
as
well
again:
everything's
an
experimental
State.
A
A
This
gives
developer
kind
of
a
more
streamlined
way
of
utilizing
AI
within
their
workflows,
as
well
as
kind
of
providing
details
automatically
and
also
helping
them
understand
their
code
as
well.
I.
Imagine
that
that
can
also
be
a
good
way
to
to
help.
You
know
troubleshoot
certain
or
debug
certain
in
certain.
A
Scenarios
so
now
that
we've
created
that
message,
we
went
ahead
and
inserted
it.
We've
added
the
code
we
want
to
navigate
to
the
changes
section
and
I
also
want
to
kind
of
walk
through
some
other
features
here
as
well.
Keep
in
mind
that,
within
this
merge
request,
you
will
see
the
different
commits
the
pipelines
that
that's
running
this,
give
you
kind
of
a
status
of
the
pipeline
and
then
we're
going
to
go
over
to
changes
so
in
the
changes
tab.
We're
going
to
look
at
this.
This
view.
A
Here,
let
me
see
all
right
cool
so
within
the
changes
tab,
there's
going
to
be
some
additional
kind
of
features
built
in
here
as
well
such
as
you
know,
you
do
get
a
summary
summary
notes
from
here.
That'll
kind
of
give
some
information
around.
You
know
just
some
summaries
as
to
what
what
happened
here,
that
we
that
we
just
did
keep
that
in
mind.
But
additionally,
there's
going
to
be
the
three
dots
here
on
the
actual
changes,
whatever
particular
file
and
we're
going
to
click
on
suggest,
test
cases.
A
A
For
example,
the
add
operator
test,
subtraction
operator
and
you'll
see
that
it's
actually
adding
three
subtracting,
two
multiplying
four,
so
it's
different
test
cases
that
are
automatically
generated
based
on
what
was
what
we
wrote
so
again,
this
another
kind
of
use
case
that
you
can
utilize
within
gitlab
to
help
streamline
the
development
process
and
and
kind
of
help
with
debugging,
as
well
as
unit
testing
and
kind
of
tying.
These
in
again,
once
again
into
your.
A
B
B
A
You
thank
you
so
yeah
again,
these
features
can
take
a
bit
of
time
to
start
up
so
yeah.
As
we
see
here,
it
could
take
up
to
a
couple
hour,
24
hours.
It
looks
like
here
but
I
believe
it
should
be
likely
sooner,
but
you'll
have
access
to
the
environment
for
20,
48,
Hours,
so
definitely
kind
of
come
back.
Take
a
look
at
it
play
around
with
the
different
features.
Here
again,
we've
gone
over
code
suggestions.
We've
gotten
over
the
explain,
vulnerability.
A
We've
got
on
the
gitlab
duo,
chat,
test
cases,
summaries
generating
commit
messages,
so
definitely
play
around
with
that
and
we're
going
to
go
back
over
and
we're
going
to
take
a
quick
10-minute
Break,
we'll
be
back
around
the
18
after
and
then
we'll
continue
and
kind
of
wrap
up
and
I'll
I'll
be
giving
you
some
best
practices
as
well
as
looking
into
transferring
the
project.
Thank.
A
A
Let's
see
pull
up
the
slides
here,
all
right,
so
throughout
our
next
releases
we
plan
to
apply
AI
assisted
workflows
for
all
personas
across
the
software
development
life
cycle.
The
wave
of
AI
integration
comes
with
lots
of
risky
risk
to
privacy
and
transparency
by
Design,
so
gitlab
is
committed
to
providing
solutions
that
minimize
that
risk
throughout
the
adoption
of
AI
and
I
will
go
ahead
and
post
some
links
here.
A
Around
road
maps
and
other
information,
when
it
pertains
to
AI
I'll,
go
and
drop
that
here
in
the
chat,
definitely
keep
track
of
those
those
resources,
as
well
as
the
gitlab
duo,
documentation
to
kind
of
keep
up
to
date.
As
far
as
the
different
AI
features
available,
as
well
as
the
different
the
directions
that
we're
going
with.
A
Use
so
going
further
than
just
increasing
their
productivity.
Enterprises
must
develop
a
strategy
that
incorporates
AI
throughout
the
entire
software
development
life
cycle
workflow,
rather
than
fragment,
fragmenting
it
to
one
part
to
truly
unlock
the
power
of
AI.
You
need
to
plan
it
apply
it
to
planning
code
creation,
testing
security
monitoring
and
throughout
the
software
development
life
cycle,
you
need
it
from
a
one.
Unified
data
store
using
just
your
company's.
A
Data,
the
explosion
of
AI
into
the
develop
space
has
only
increased
the
importance
of
having
a
comprehensive
security
and
compliance.
Winners
in
this
market
will
choose
a
platform
that
has
a
single
application
with
a
unified
data
model
which
allows
for
unified
AI
capabilities
throughout
the
entire
software
development
life
cycle
flow.
Those
who
are
still
stitching
together,
their
Patchwork
of
Point
products,
and
only
applying
AI
in
the
co-creation
process
will
be
left
behind.
A
With
gitlab
comprehensive
platform
is
key,
just
one
comprehensive
platform,
so
gitlab
is
where
Enterprises
build.
Mission
critical
software
customers
choose
gitlab
because
we're
the
most
comprehensive,
Dev
SEC
Ops
platform
that
enables
them
to
deploy
software
faster
customers
choose
G
lab
because
it's
face
I
sorry,
safe,
safe,
trustworthy,
it
isn't
tied
to
you
know
just
aure.
Only
so
they're
aren't
locked
into
one
Cloud.
It's
it's
open
core.
So
customers
have
more
transparency
into
the
source
code
as
well
as
a
product
road.
A
Map,
so
next
we're
going
to
kind
of
go
into
the
process
of
transferring
your
project.
In
this
case,
you
only
transfer
when
you're
done,
so
this
won't
apply
to
to
many
of
you
as
you
you'll
continue
to
play
around
with
those
features
and
gain
access,
but
just
as
a
quick
show
of
how
it
works
in
Pro
in
process
in
the
in
the
practice
I
just
going
to
I'm
going
to
walk
through
the
steps,
but
only
don't
follow
along
until
you're
ready
to
kind
of
use
those
steps
later
again.
A
Well,
so
that's
going
to
pertain
to
to
the
the
second
issue
which
I'll
go
ahead
and
walk
through
real,
quick
just
for
future
reference.
The
second
issue
here,
which
is
the
transfer
project
issue,
is
the
one
I'm
referring
to,
in
this
case
we're
trans.
We
would
be
transferring
the
project
itself
again.
Don't
follow
these
steps
until
you've
kind
of
completed
your
you're
kind
of
playing
around
with
the
project
for
the
next
48
hours.
A
General
and
then
you
would
scroll
down
to
Advanced
and
click
expand,
and
then
you
would
go
ahead
and
scroll
down
to
where
it
says.
Transfer
project
so
here
You'
be
able
to
select
a
new
name
space
and
you
could
essentially
choose
your
user.
In
my
case,
I'll
choose
my
username
at
which
point
I
would
be
able
to
transfer
the
project
into
my
namespace
by
clicking
on
transfer
project
again
it'll
go
through
the
the
general
confirmation
of
kind
of
typing
in
whatever
you
know,
the
name
of
the
project
to
proceed
again.
A
A
Functionality
so
in
conclusion,
we've
gone
over
the
lab
setup,
U,
Ai
and
gitlab.
We
went
over
a
quick
Hands-On
exercise
to
go
over
some
of
those
features
and
then
we
kind
of
looked
into
our
road
map
as
far
as
kind
of
best
practices
and
going
forward,
and
then
we
looked
at
how
to
transfer
a
project
once
we've
completed
it
and
so
we'll
go
ahead
and
open
for
a
quick
Q&A.
A
C
There
I
think
one
of
the
questions
that
we
got
pretty
frequently
was:
what's
the
availability
of
some
of
the
AI
features
within
self-managed
instances
of
gitlab
rashed
I
provided
some
links
directly
to
some
folks
there,
but
you
know
I,
think
it's
worth
covering
that
you
know
the
code
suggestions.
Functionality
is
available
for
self-managed
customers.
There's
some
prerequisites
for
that
feature.
C
You
know
you
have
to
be
on
a
later
version
of
gitlab,
I
think
at
least
16.0
or
16.1,
but
we've
recently
made
the
process
a
lot
easier
to
onboard
and
start
using
it
on
a
self-managed
instance,
starting
with
16.3.
So
definitely
take
a
look
at
the
documentation,
we'll
be
re-sharing
that
documentation
link
with
the
copy
of
the
deck
and
recording
tomorrow.
So
I
think
just
look
out
for
that
email,
but
yeah.
You
know.
C
Customer
interest
in
you
know,
and
our
issue
tracker
for
the
gitlab
project
so
and
if
you're
interested
in
any
specific
features,
please
let
us
know
in
the
chat
too.
You
know
we'd
be
happy
to
kind
of
hear
that,
and
you
know,
send
the
the
information
over
to
our
product
team
on
any
specific
features
that
you
think
would
be
really
useful
for
you
on
a
self-manage
instance.
A
Thank
you
Chris
for
sure
yeah.
That's
definitely
keep
track
of
the
the
gab
Duo
main
Doc
Page,
as
well
as
the
road
map
information
direction
is
what
we
call
them
our
Direction
Pages.
Those
will
also
keep
keep
you
up
to
date
on
on
everything
that
we're
working
on
as
far
as
AI
in
general,
AI
research
and
then
Chris
did
go
ahead
and
post
the
Cod
suggestions
for
self-managed,
specifically
the
documentation
around
that
as
well.
But
thank
you
for
that.
Chris.
A
A
All
right,
I
didn't
see
any
more
questions.
I
know
once
everybody
kind
of
get
fully
gets
access
to
everything,
definitely
play
around
with
that
and
and
yeah
again.
This
recording
will
be
available
afterwards
and
you'll
have
the
instructions
and
the
issue
to
kind
of
follow
along
with
as
well
all
right.
Thank
you.
Everybody
for
joining
again
you'll
get
an
email
with
some
additional
information,
as
well
as
the
actual
the
recording.
Thank
you.