Description
Review the hands-on GitLab AI workshop where we will explore Artificial Intelligence and how it fits within the DevSecOps lifecycle. In this session, we cover foundational implementation and use case scenarios such as Code Suggestions and Vulnerability Explanations.
A
Just, I want to make sure that everybody has a working gitlab.com account, and if you don't have one already, definitely you can check out the sign-up link here. Actually, I'll go and post the link in the chat.
A
We'll go ahead and get started. Again, welcome to the GitLab AI workshop. Definitely ensure that you have a working gitlab.com account; that will be required to follow along. I dropped the link in the chat for the sign-up in case, you know, for anybody who hasn't set one up yet. You'll have access to this environment for two days, 48 hours.
A
So after following along with this workshop, you can definitely continue to play around with the different features that are presented and work that out within the next two days. So I'm going to go ahead and get started.
A
Welcome to the AI and DevSecOps workshop. My name is Rasheed Babatunde. I'm a customer success engineer here with GitLab. I'm based out of Texas. I've been here about a year and a half now, and yeah, I'm happy to be able to present this to you today.
A
So before we get started, we need to first get situated with our GitLab instance, so the next few steps are going to be all about getting it set up on gitlab.com.
A
This section is pretty vital if you want to, if you would like to kind of follow along with the hands-on exercise. So the group that we have you redeem comes out of an attached, it comes attached with the GitLab Ultimate license, with shared runners and AI capabilities turned on, so that way you can follow along.
A
What we'll do then is, if you follow along with the pre-work instructions, you'll basically just need to go to the redeem your invitation and search for the project from there. So I'll kind of walk you through how that works.
A
After doing this, you'll need to make sure that you actually have your gitlab.com ID. So in a new tab, if you're going to open up gitlab.com, log in, if you go to your profile, it's actually in the top left corner now, with the new updated UI. You go to the drop-down where it has your profile picture. You'll see your username there; that's going to be your GitLab ID, with the @ symbol in front of it.
A
So after you enter in the invitation code, you'll see that it's going to ask you for your gitlab.com username, and this is where you're pasting or putting in your username, without the @ symbol. And from there you'll be able to go and click on Provision Training Environment.
A
After you provision your training environment, you'll see this window up here. From here, you'll be able to see where the URL is, username. Just go and click on My Group from here, and that'll then bring you to your learning group, and that's going to look like this. So you should be here after following those previous steps. You'll see where it says My Test Group and it has like a random series of numbers and letters.
A
That's normal. You know, you'll see there won't be any projects or groups or anything in there. After completing those steps, that's where you should be. However, if you do see a 404, well, you know, definitely go back; maybe a misclick or some type of pasting error. If you have any issues, definitely let us know in the chat.
A
However, if you do run into one, you know, this issue, make sure you take a look at your username and ensure that there's no @ symbol in front of it, and just check for any spaces or anything like that, and then also ensure that you copy-pasted the invitation code correctly as well.
A
And again, you just want to make sure that, you know, you kind of take a look at what you're pasting in there. Make sure that the invitation code matches what I pasted in the chat, as well as the username matches what's in the profile page, but without the @ symbol.
A
So now everybody should be on this screen or a similar screen like this. So just make sure you take note of that group ID; you will be needing that later on. But just go ahead and, you know, copy-paste that maybe into a document somewhere that you can pull up later, another tab, but it should look like this right now, after all these steps have been taken.
A
So we'll go ahead and hop into the AI and GitLab.
A
So GitLab is the most comprehensive AI-powered enterprise DevSecOps platform. Our vision is pretty clear. We believe that AI should be integrated throughout the software development life cycle so that everyone can leverage it in their roles. We also believe that responsible use of AI is in the context of privacy first, so that our, you know, customers can protect their intellectual property. When incorporating into a single DevSecOps platform like GitLab, AI will amplify the benefits of a platform approach. Teams have greater visibility and metrics, developers spend less time context
A
switching from task to task, security and compliance measures will be more robust, and business leaders gain more efficiency by reducing tool sprawl. When delivered through a single application, we believe AI will result in a 10x improvement in workflow efficiency. So what does that mean for you? So essentially, what that looks like is going to be faster deployments. By automating various aspects of the software development life cycle, including testing and deployment, AI/ML can help DevSecOps teams deliver software faster, more reliably.
A
It also improves security. With AI, we can help identify and mitigate potential security threats by analyzing data patterns and behavior. You can also automate the security testing phase and analysis, and that can help power kind of faster, more accurate detection and remediation of vulnerabilities. With enhanced quality assurance, AI can help automate quality assurance processes by analyzing data patterns and identifying potential issues in the code, and this leads to faster testing, fewer bugs and higher quality of software.
A
Predictive analytics helps teams with predicting potential issues, identifying patterns and making data-driven, you know, decisions that improve software before issues become critical. And so, you know, this kind of creates this full suite here, and central to GitLab's DevSecOps platform.
A
We've been rapidly innovating AI to help everyone involved in the software development life cycle. So far, we've released features, capabilities such as code suggestions and suggested reviewers, and this helps developer teams be more efficient and reduce their cognitive load. There's also capabilities such as explain this vulnerability, generate test MRs, and that helps security and operations teams effectively, you know, secure your software supply chain. And capabilities such as GitLab chat and value stream forecasting, that allows other.
A
Our single application approach, you know, is enterprise ready and allows you to scale as you need, without compromising on complex compliance or security. We're building AI capabilities with IP protection and privacy and compliance in mind. For example, code suggestions assists developers in writing code and operates completely in the gitlab.com infrastructure. This provides the same level of security as any other feature of gitlab.com.
A
And again, you know, as far as protecting your code, protecting the privacy of your source code is a top priority for us when developing these features. Unlike other assisted coding technologies out there, our code suggestions features, they work natively within GitLab. Customer code, source code does not leave the GitLab instance, and it's not used to retrain generic multi-customer code generation models or anything like that. This key principle stays our number one priority as we continue to develop these features within the AI space.
A
So, as far as future goals with AI, we want to enhance our DevSecOps platform with AI by automating mundane tasks across the software development life cycle with workflow automation, including assigning, labeling and summarizing; reducing the risk of insecure coding practices by automatically detecting and helping to remediate code quality and security vulnerabilities with intelligent code security; and augmenting developers with generative code suggestions while writing, reviewing and fixing their code.
A
We also want to help customers develop their own AI applications with supporting AI workloads. This includes enabling data science teams to work seamlessly within the GitLab platform, with better support for Python notebooks and GPU runners. GPU runners were recently released, so there's more updates to come on that. Improving handoffs between data science teams and DevSecOps teams with native GitLab model registry.
A
The next section of this lab is definitely vital. We want to make sure that whenever you set up those redemption codes and whatnot, everything is going to give you 48 hours of Ultimate to be able to test these out yourself. And because these models take time to train, you own it immediately, they won't immediately be available once turned on at times. So just keep that in mind as we're kind of working through these sessions.
A
All right, paste it in there. So go ahead and open up a new browser window and then go to that link; it'll be posted. So let's go ahead and go there to access that workshop content.
A
It's best to open these URLs side by side, as the issues are not going to be forked. So essentially what you'll be doing, just go ahead and, you know, have maybe the issues on the left side or the right side, whichever side you choose, and then the work will be done on the other side. That'll just allow you to kind of seamlessly work through the different issues and the different tasks within those issues. If you have one screen, you know, this type of setup here would be ideal.
A
So we're going to go ahead and fork that actual workshop there. I'm gonna be walking through the steps here and we'll just kind of go and work through it together. After you fork that into your environment, what you're going to be doing is essentially
A
typing in the group name here that we took note of previously. Once you type that in, you can then fork it directly into that test group that you now have access to, to your namespace. So we're going to go ahead and select our, you know,
A
our GitLab Learn Labs group namespace from there and then fork it there as needed. We're going to ensure that the visibility level is private and then just go and click on Fork project, and we'll give you a few moments to kind of work through that. Once you click that button and fork it in, the repository will be forked into your demo lab area that we created earlier.
A
Once you've forked the project, you want to make sure that you go ahead and remove the fork relationship. To do that, we'll go down. If you go to the left-hand side, go to Settings, General, you know, scroll down and expand the Advanced section and then click on Remove fork relationship. Again, I'll be walking through these steps as well, but this is just to give you an idea of how that looks.
A
I went ahead and posted the issues section of that project, so I posted that in the chat there, but we'll go and navigate there and we'll be spending most of our time here on issue number one: modern development with GitLab AI. And I'll go ahead and do the same in my own environment here.
A
And so what I did again is this: kind of copy that hash code here, and I pasted it into the project URL, at which point it'll then narrow it down to your GitLab Learn Labs environment with a unique session ID, which is actually our invitation code, and the actual group that was created for you. We'll leave the project slug the same, we'll leave everything private and click on Fork.
A
If you have any questions, definitely drop it in the chat and we'll get that answered for you.
A
After that fork relationship has been removed, you'll see the alert pop up at the top, where it says the fork relationship has been removed.
A
Using the breadcrumbs up here, you'll be able to actually go directly back to your project. There's multiple ways: you can either open up the sidebar and click on the project, or at the top you can navigate using the breadcrumbs.
A
If you have any questions about anything we've done so far, definitely drop it in the chat; otherwise I'll go ahead and move forward. Cool, cool. So, okay, we'll start working with issue number one here. So the goal of this workshop: to give you a look into all the features that the GitLab AI team is developing, not just code suggestions. So we put a big emphasis on kind of helping developers throughout the software development life cycle and not just coding tasks. But please note that many of these features are in an experimental phase.
A
So they're, you know, which means that they're prone to, you know, various, maybe outages or changes or modifications at any time, as the dev team is literally actively working on enhancing them. So if this occurs and you didn't see a feature demo live that you hoped to see, if you don't see something that you hoped to see, just, you know, reach out to the account team, or provide, you know, either recordings or, you know, a call with you to kind of get some additional information on that.
A
There is a link here that provides some additional information around the experimental stage of some of these features. Again, these can change at any time; they're actively being developed as I speak. So we'll just go ahead and keep that in mind as you're kind of walking through these features, but again you'll kind of get an idea of kind of how everything looks in practice.
A
All right, what we'll do is we'll skip step zero, since we went ahead and forked it. So starting from step one, enabling, you know, code suggestions. All the AI features have already been enabled at the top-level group, so we just need to go ahead and enable them for ourselves.
A
It's recommended to go ahead and, like, open it up in a different tab. I went ahead and clicked it directly, but if you do a Control-click on there, you can open it up in a different tab, so you can quickly go back. But essentially what we're trying to do now is scroll down to where it says Code Suggestions. In this case I've already enabled it, but you want to make sure that that's already enabled within your own profile, to enable code suggestions.
A
So we'll go ahead and close that out or click back, if you didn't Control-click.
A
So now we've turned on all the existing AI features within our group there.
A
Before we move to step two: in general practice, whenever, you know, in a regular scenario, there is a doc page here around enabling these features. We've already done that for you at the top-level group, but just if you want to kind of get an idea of how that looks, there is a document here that's linked within step one around enabling AI/ML features in your own environments. So there are code suggestions specifically, there's how to enable it for self-managed as well as SaaS, so just keep that in mind as you're kind of going through these, you know, for next.
A
You know, this documentation is available, so I just want to kind of point that out around how that works as far as enabling those features. Again, we already enabled it at the top-level group, so all we had to do is enable it on our own profiles.
A
So we're going to go ahead and use the left-hand navigation menu to click through to Build and Pipelines. So essentially I'm gonna scroll over here; within your test group, in the project AI and DevSecOps, we're going to go to Build and then Pipelines.
A
So we're going to go and let this, you know, pipeline run and kind of go over just a few other features while we're waiting on that. So essentially, what if we hadn't known where to access the pipelines? That's one example: if we didn't know, we can use a new feature called the AI chat, Ask GitLab Duo. So what I'll do is kind of show you how that looks in practice.
A
So what you would do is, in the menu down here at the bottom left, where it says Help, you'll see a little question mark there. Again, you have to open up the sidebar to see it. You click on Help and you'll click on GitLab Duo Chat.
A
Page is linked here, kind of goes over some more additional information around this, but I'll kind of walk through how it will look in practice. So, essentially, what you would do here is you can ask GitLab anything, essentially. So what we'll do, around, you know, just using GitLab, so I'll go ahead and I'm gonna paste this question in here.
A
Just as an example. Again, these features are actively being developed, so if you, you know, notice any delays or anything like that, just keep in mind that, you know, these features are in an experimental phase. But essentially, by putting in "where can I find running pipelines", this actually kind of walks through how to do these different topics. Again, you can paste in anything you want around
A
And so, based on, you know, just different questions you can ask here, you know, you'll get sources, brief descriptions, source links, everything like that. Again, these are experimental, so sometimes, you know, if you get an answer or no answer or whatever the case may be, keep that in mind, that that's something that's actively being developed. So just something you can play around with, as you have access to this environment.
A
This page is going to be central to kind of get an idea of all the different features that you have available to you, how they work, the maturity levels, current availability, which LLM is being used, the large language models, and the purpose, so definitely keep this in mind. It's in the, let me see, it's going to be in... Oh, it's the wrong
A
It's gonna be here on step two. I'll actually drop this in the chat, because this is going to be a pretty good page to keep track of. Again, you'll get a copy of this as well, but this is gonna be a pretty important page to keep track of if you're interested in the AI features. It's gonna be GitLab Duo. GitLab Duo is essentially the suite of AI capabilities offered by GitLab to power your workflows.
A
And again, this page will be kept up to date. As you'll see the maturity level here, a lot of these are in an experimental stage, so just again, keep that in mind. Each of these will link to direct document pages that specifically pertain to that particular feature, and then down here at the bottom, you'll start to see kind of just the different ways of enabling and how, you know, different data is used and everything like that.
A
All right, so our pipeline has completed, so we'll go ahead and move forward to the next step. Again, this is something you keep in mind, that you do have access to the GitLab Duo chat. You can ask GitLab questions around, you know, your development process within GitLab, different GitLab features, and it will give you an answer. Again, sometimes you may get a non-answer or anything like that.
A
It's going to be, you know, again, this is an experimental feature. You can ask it again or kind of play around with that, but again just keep that in mind, and also be sure to check back on our GitLab Duo document page to get more up-to-date.
A
And we're going to go to step three, security results in AI. So next we're going to use the left-hand navigation menu to go to Build and Pipelines, which, that's where we are now, but I'll go ahead and follow along to get to this page here. So we'll go to Build, Pipelines, and we're going to ensure that the most recent pipeline did complete, which it did, and we'll go ahead and click within that pipeline completion, which is always going to be the hashtag, the hash number
A
here. That's going to be the actual pipeline itself that ran. So if we click into that, that'll give us this, you know, the pipeline status, the needs, jobs, tests, security, all the different particularities that pertain to that pipeline. So we'll kind of spend, you know, we can spend some time kind of taking a look at the different information that's available to you here.
A
In fact, in case you were not aware, when you run the pipeline, you can actually look at each specific job that ran within those pipelines by clicking on the Jobs section, any tests that were applied within this scenario, as well as the security vulnerabilities, which we're going to be kind of touching more on here shortly.
A
So kind of moving forward from, you know, security vulnerabilities, what we'll do from here is, if you go to the left sidebar and go down to Secure and Vulnerability Report.
A
You'll see those same vulnerabilities here on the list, with kind of some additional information. And so once in that vulnerability report, we're going to click into one of these vulnerabilities that we see here, and this will kind of, you know, lead us into the specific vulnerability, and we can kind of start looking at some of the other AI features and how they play into the software development life cycle.
A
So we'll see here, this is actually an improper use of a particular code that kind of allows SQL injections. So it gives you a brief description of kind of what's going on, you know, kind of examples and some additional details, the tool that was used, scanners, everything along those lines. However, if you scroll down a little further, you'll see a section here called Explain this vulnerability, explain this vulnerability and how to mitigate it using AI. Again, this is a beta feature, but go ahead and click on Explain vulnerability.
A
I would ensure that the Send code is checked in this case, and you can actually see the specific prompt that's being sent as well. So if you click on Explain vulnerability, that will pop out from the right side here, kind of where the GitLab chat was initially, and it'll start to generate a response for you.
A
All right, so, if you see here, the response was generated by AI, did give us a description of what's going on, the code, the specific code that was found to be vulnerable. It'll give you some information around what happens by using that code and how it can be exploited, and at that point you'll see a fix. There's a fix section here. It'll actually give you a fix to that particular code block that was up at the top there.
A
And, as you can see from here, we had a good user info function, and it looks like with the query, you know, this allows, you know, it allows attackers to essentially put in a true statement that would allow, you know, them to put any kind of username in there.
A
So by applying this fix, you'd actually parameterize the query, and so that way it kind of eliminates that particular, you know, attack vector. So just a pretty interesting use of the AI to actually kind of take a look at your code and then give you a suggested fix. So what we'll do is, from here, you know, now that we know kind of what we need to do to fix it.
A
So we'll use this knowledge here shortly to kind of fix it within our own environment here.
A
So, in this case, what if we wanted more context about specific functions before we went into making code changes? From within the vulnerability report, which we're looking at here, you can go directly to the file that's in question. So go ahead and scroll down to where it says Location and you'll see the file itself, and you'll see that it's actually db.py and it's going to be line number 111.
A
So we can go and click into that and that'll point us directly to where we're seeing that vulnerability. In this case, what we can do is, let's see, we're going to locate the line. So this is the line here, or this is the function here, rather, that's in question, and it did go ahead and comment that around kind of what type of vulnerability would be available through this type of coding. So what we'll do is go ahead and make some edits here.
A
And with that code explanation, again, developers can use this to kind of get a better idea of, you know, in this scenario, as we're kind of analyzing our code, to kind of get a better understanding of any security vulnerabilities or anything along those lines. This is just kind of a particular use case around explaining the code and seeing how that fits in a typical workflow. So, you know, again, just keep that in mind.
A
So we'll look at this. So at this point we're fully aware of kind of how our SQL injection vulnerability is kind of occurring, so we're going to go ahead and try to implement some of these suggestions. Before we move forward, there is a document here that goes over application security overall, so definitely recommend taking a look at that, and that'll kind of, you know, go over application security as it pertains to vulnerability reports and just mitigating different vulnerabilities.
A
All right, so that completes Explain this code. So let's go and take a look at the code suggestions. So now that we have more context around that SQL injection vulnerability, let's go ahead and try to fix it. I'm going to fix it using the GitLab code suggestions. So before we make any changes, we want to create a merge request to track our work. So what we'll do is click through from the Code, Branches.
A
And so now we're going to start to kind of implement some of the code suggestions that were presented earlier.
A
So on line 111, this is the Dakota execution that would actually have allowed the SQL injection. So that's what we learned earlier from the Explain this vulnerability section. So what we're going to do is actually use code suggestions on a different class. Oh no, wait! Let me go back up. Let's see, we want to actually update that using the code suggestion that was given to us earlier. So let me go back to close this out.
A
And this is using the fix. So in this case, you can, we could actually go back to that vulnerability if needed. If you go to Secure, Vulnerability Report and click on the actual vulnerability. I still had it pulled up in a different tab, but from here you can just go back and click on Explain this vulnerability.
A
All right, and so we know now this fix here: what we did was parameterize the query.
A
So essentially, if you look at the differences here, the query here, it has a little format function here. So essentially, by allowing a customer to, you know, or anybody, an attacker, anybody to actually enter in whatever they want here, they can create a true statement that will allow them to use any username, essentially. But by updating that particular line and parameterizing it, that allows us to, you know, kind of prevent that from happening.
A
So what we did here is, with our execute function here, instead of just executing the query that we did up here, see, up here we actually just executed the query, but here we were very specific and pulled the username. So what we're doing now is we're implementing the fixes here into our code here. So line
A
111 was the main issue, but by updating the query, we're now going to go ahead and update 111 as well to include the new addition to kind of help utilize the query that we updated previously. So we're going to pull that username out of there.
A
So those two particular lines were changed in this case, where we basically just parameterized and then eliminated that particular attack vector.
A
And as you see, this is just one way that, you know, the developers can use GitLab to help and enhance their code and mitigate different vulnerabilities that they may see when they're pushing merge requests. Again, what we did is we saw kind of a before and after of an example of a SQL injection, and then we actually implemented the fix by updating line 111, which is this execute method here, as well as the query itself.
A
So now, let's go ahead and, we're going to use code suggestions in a different class as well. So we're gonna go ahead and add a calculator class to this application so that we can enable calculations in the notes. So now that we've completed updating this vulnerability, we're gonna go ahead and go back to the notes folder and right-click. I'm going to hit New File. I'm going to create a file called calc.py.
A
So we're going to go ahead and use the class that was, oh, I'm sorry, the prompt here at the bottom. To prompt, we're going to use the hash symbol; we're in Python, so we'll use that hash symbol. So we'll go ahead and paste that in and hit Enter, at which point, after hitting Enter, it'll actually start generating the code for you. From here, all you'd have to do, you'll see it's grayed out, you actually Tab to accept.
A
And what that does is, essentially, after putting in that hash and defining your prompt and just hitting Enter, that'll then start generating code for you within the Web IDE, and, you know, it's something you can kind of play around with. Again, it could take various periods of time, depending on what you ask. Definitely, again, keep in mind that it is still experimental, but by pressing Enter from here, you can kind of continue. It'll continue writing code to kind of complete this particular class.
A
Because this is a, you know, fairly broad prompt, I mean, it's gonna keep going for some time, actually, because, you know, it's just kind of gonna start building out all the different classes and functions within those classes, and so this is something to keep in mind. Just to give you an idea of how that looks in practice. Again, it's
A
actually, you know, spelling out the different functions as far as adding, subtracting, multiplying, but then we also have, you know, these different, more advanced calculations here, and modulus, and things like that. So this is something to keep in mind, that, you know, this isn't something you can use within your own workflow to develop all other kinds of code.
A
So as you're given the suggestion, continue to hit Tab as I told you earlier, and it's gonna, you know, it's gonna write a very in-depth calculator function, so definitely feel free to stop after, you know, five or so methods, just to give you an idea of how it looks. And it doesn't just work for Python files. It also supports multiple project types of languages per project.
A
So what we'll do now, let's go and scroll to the AI sandbox.
A
And within AI sandbox you'll see all the different types of code in here to kind of play around and test with, and you can go ahead and, you know, use these as a way to trigger the code suggestions to develop different types of code based on these particular languages here.
A
On the left-hand side, I'm going to click on this drop-down here next to Commit, commit to AI test. I'm going to click on... Oh, no, actually we're going to go and click on commit to AI test here. So we're going to commit to this new branch.
A
All right, and so you'll see the MR up here. That's going to go through, the pipeline is going to run, any relevant approvals or anything appear here as well, and then, if you scroll down a little further, matter of fact, if you go to, let me go back down.
A
One other feature here: whenever you're in your MR, if you go over to Changes, you can actually click on the little three dots here, this option, and you can click on Suggest test cases. So that's another feature that will, you know, again just help with your workflow, where you can actually create test cases that are suggested for you through the AI. So we can
A
There we go. So with our calculator class, we've used AI to help us generate test cases. Again, another way you can kind of utilize this to enhance your workflow. Again, these are all experimental features. However, when you'll have 48 hours, kind of play around with this in a GitLab Ultimate environment.
A
Our overview here at the top, you're going to see an AI-generated summary of what we've done, and click the drop-down. We'll see that the AI did recognize that we created a calculator class with various mathematical operations and the ability to get a result, clear result, convert the result to a string, and so it kind of gives you just an overview of what we just did. Something you can take advantage of as well.
A
And that's in the merge section here. If you scroll down to merge, we're on step six here, so we go select edit commit message, and we selected that. What that did was open up this new box, and we can create an AI-generated commit message. So by clicking that AI-generated commit message, it's going to again kind of give us a summary of what was done. Up here you saw the latest summary, but this here is going to give us a commit message that we can now apply into our commit message.
A
We refactored the DB file here and fixed the SQL injection vulnerability, and so it did detect that we, you know, we're now using parameterized queries, and we also, you know, just, it gives you a brief summary of everything we've done. So from here, we're going to go and click on insert.
A
And you'll see that that's actually been inserted into the commit message. Again, you kind of get an idea of how that would look in practice: as your developers that are writing code, they can get commit message generated for them, summaries generated for them, test cases generated, as well as vulnerability explanations and code suggestions. So we're going to set that to auto-merge in this case.
A
And so, if we go to, just close that out. So we've already gone over the test cases. But again, what we did was went over to changes, clicked on the options button and clicked on suggest test cases, and that gave us those test cases. Just wanted to kind of show you that again, and so again, with that quick overview of all the different features.
A
Oh wait. Let me go back. Hold on. There we go. So test cases are generated. What's going to go back here, so we've merged that in. What we'll do is, I'm gonna show some of these code suggestions documentation as well. This document page here will kind of give you more information on code suggestions, as well as, kind of, there's a YouTube video on how to get started as well.
A
They'll go over a lot of what we've kind of looked at now, but I just wanted to point out that there are the different supported languages, infrastructure interfaces, the supported languages in particular, whatever particular IDEs this can be implemented in, like VS Code or something along those lines, and there are, so you know, some editor extensions.
A
We also go over kind of how data usage is, you know, kind of managed here. There's something that may be important, and some additional information around how training data is handled and known limitations and whatnot. So definitely keep that in mind.
A
At this point, we've finished the hands-on portion. Again, you'll have access to this for 48 hours, kind of continue to play around with. So definitely, you know, check, take a look at steps. Some of these features you could just throw in various scenarios, see how it reacts, and again just keep in mind that it is experimental.
A
So if you run into any kind of delays or anything like that, just kind of try again or, you know, try different types of prompts and see what kind of results you get.
A
So we're going to go ahead and take a 10-minute break, just kind of allow everybody to get a good drink of water, go to the bathroom, continue to kind of play around with these features, and we'll be back around the 10:15 mark, or the 15 after, past the hour.
A
All right, we'll go and get continue, so we're gonna look at some AI GitLab, AI get best practices.
A
So, throughout our, throughout our next releases, we do plan on applying AI-assisted workflows for our, you know, off personas across the software development lifecycle. The wave of AI integration comes with lots of risks to privacy and transparency by design. So GitLab is committed to providing solutions that minimize that risk throughout the adoption of AI.
A
From planning an application to deploying it and monitoring it, we will be using this workflow and showcase, you know, how user stories are defined by you fit on this workflow for the software development life cycle. Each step in the software development life cycle requires different capabilities, different and cohesive, you know, to respond, you know, to the different requirements or user story. This is one of the points that I want to highlight.
A
That GitLab is a DevSecOps platform, with all the components needed to build software faster and pre-integrated, ready to use.
A
Enterprises must develop a strategy that incorporates AI throughout the software development workflow, rather than fragmenting it into one part. To truly unlock the power of AI, you need to apply it to planning, code creation, testing, security, monitoring, and just throughout the entire software development life cycle. You need it from one unified data store and using just your, just your company's data.
A
With the explosion of AI into the development space, that's only increased the importance of having comprehensive security and compliance. Winners in this market will choose a platform that has a single application with a unified data model, which allows for unified AI capabilities throughout the entire software development workflow. Those who are still stitching together the patchwork of, you know, point products and only applying AI and code creation processes, that'll be left behind.
A
So with that being, you know, in mind, it's important to kind of keep one comprehensive platform as key. GitLab is where enterprises build mission-critical software. Customers choose GitLab because we're the most comprehensive DevSecOps platform, and that enables them to deploy software faster. Again, customers do choose GitLab because it's safe, trustworthy, isn't tied to, you know, Azure only, or, you know, they aren't locked into one cloud. It's open core, so customers have more transparency into the source code and the product roadmap.
A
So we're going to look into the product, trend, the, I'm sorry, the transfer project steps. Again, you'll have access to this environment for 48 hours. With these steps, I'll just kind of walk through how that looks. However, again, you'll have access to the environment for 48 hours. So only transfer this when you're done, because once you do transfer it, you will lose Ultimate license capabilities if you don't already have an Ultimate license.
A
So yeah, that's in the chat, so if you want to kind of take advantage of that free trial period, that'll give you some more, you know, time with, that's going to get a better idea of how the different features are working, but again, for the next four, 48 hours, you do have access to these features as well.
A
So what we would do here is, by transferring this project, essentially, you know, again, don't follow these steps until you have completed it. Typically, when you're transferring projects, you just want to make sure that the packages and the container registry is clear. In this case, we're not, we didn't use any of those features, so that wouldn't apply. However, in practice, what it would look like is, you would go down to the deploy, package registry, and from here you would.
A
If you saw anything here, you would click the little trash can next to it to delete it. Same thing with the container registry. In this case, the container registry does have some stuff here you'd have to actually remove, so before transferring this over you'll go ahead and hit the trash can next to these two. Don't do it now. Again, do this when you, when you've completed just kind of playing around with the environment.
A
And then you want to scroll down to transfer project here, and then you go ahead and select your namespace, which is going to be your user, your name, and then you could, you click on transfer project from there. Again, don't do these steps until you're ready to just kind of be, you know, done with this particular environment. In the meantime, for the next 48 hours you do have access to this environment, the AI and DevSecOps.
A
You can kind of play around with those different features that I showed you earlier in different scenarios. Again, you have access to all different types of languages that you can play around with, the prompts in explain this vulnerability, if you'd like to kind of just see how that looks in different types of vulnerabilities being implemented. That's something definitely take a look at as well for your security teams and developers.
A
So after transferring that project through this, you know, click confirm, go from there. So I just want to conclude that.
A
In conclusion, if that, you know, ends the, this particular presentation is, with this web, this workshop, if you have any questions, definitely drop that in the Q&A or in the chat here, or the Q&A rather, so that way we can kind of get our panelists to answer that. If not, we will be sending a copy of this, you know, these slide decks, recording, and then we'll kind of go from there.
A
As far as, you know, for the next 48 hours, again, you'll have access to these environments, which will allow you to continue to play around with these step, these features, but just keep in mind that, you know, that is something that, these are experimental features. So, if you, you know, running anything, there's, definitely keep that in mind and take a look at some of our documentation here. I'm actually going to drop a few links in the chat around our roadmap as it pertains to AI and ML, these links here.
A
Let's see. These are called direction pages, and what these will do, will give you an idea of kind of what our direction is with AI research. I went ahead and opened all these up, but I dropped it in the chat as well, but each of these pages, definitely keep an eye on these. This will give you an idea of kind of where we're headed.
A
What's next, what we've recently completed, what we're doing, what we're not doing, and kind of, you know, just again a good little overview of kind of what our plans are as it pertains to the AI. So I just want to drop that there, something you can kind of take a look at to get a better idea of kind of where we are in the whole AI process.
A
All right, I don't see any questions here, so we'll go ahead and conclude here. Thank you for joining this, this workshop. Again, you'll get a copy of the recording, as well as a slide deck, and you have access to this environment for 48 hours, at which point you can kind of continue to play around with those features.