►
From YouTube: How to think about where to integrate with GitLab
Description
Sam Kerr, Principal Product Manager, discusses a few of the different touch points our users use today, with a specific focus on security. This gives you context and hopefully inspires ideas on where and how to best integrate your own security product with the GitLab workflow.
A
Hopefully,
this
can
provide
some
context
to
what
gitlab
is
doing,
where
we're
going
and
also
give
you
as
a
third-party
integrator,
some
insights
into
where
you
could
integrate
your
own
product
so
that
it
would
be
a
seamless
fit
with
the
experience
kit
lab
users
are
already
expecting
today
and
so
the
screen
that
I'm
sharing
right
now.
This
is
a
page
from
our
documentation
called
secure
partner
integration
and
the
onboarding
process.
A
It's
publicly
available
at
Docs
that
get
lab
comm
and
you
can
search
for
that
URL
to
get
to
this
exact
page
that
I'm
sharing
right
now.
But
essentially,
what
this
is
saying
is
that
gitlab
expects
all
of
our
end
users
to
be
committing
code
staying
inside
of
get
lab
in
what
we
call
a
pipeline
or
a
merge
request
and
viewing
security
results.
A
As
part
of
that
experience,
rather
than
going
to
a
separate
experience,
get
lab
things
that
shifting
security
left
is
incredibly
powerful
and
B
being
able
to
expose
these
security
results
to
developers
as
part
of
their
daily
workflow
means
that
the
vulnerabilities
can
be
resolved
more
easily
and
much
more
quickly
than
they
would
in
a
traditional
workflow
and
so
I'll.
Let
you
read
this
page
at
your
own
leisure,
but
I'd
like
to
walk
through
a
small
demo.
A
Little
example
project
that
I've
put
together
I'm
called
example
node,
and
so
this
is
just
a
basic
kit
lab
nodejs
application.
It's
built
from
one
of
our
templates.
You
can
get
access
to
all
of
this
code
yourself
if
you
click
new
project
and
then
go
to
new
project
and
cop
from
the
template,
but
what
I
want
to
walk
through
with
this
is
you've
seen.
A
You
can
see
here
that
I
authored
this
project
about
three
hours
ago,
I
pushed
some
code
to
update
this
gitlab
CI
e
ml
file
and
the
pipeline
passed,
and
this
is
really
the
first
touch
point
that
we
expect
in
the
users
to
interact
with
get
lab
on.
So
let's
go
dig
into
that
pipeline
and
look
at
what
happened
as
it
was
being
run
so
we'll
go
to
the
CI
CD
tab
here
go
to
pipelines
and
there
we
can
immediately
see
the
pipeline
that
was
being
highlighted
on
the
page
earlier.
A
You
see
this
ran
about
three
hours
ago
and
it
ran
in
three
different
stages,
so
a
build
stage,
a
test
stage
and
a
deploy
stage,
and
so
for
this
example.
These
are
quite
basic.
All
it's
doing
is
printing
on
a
simple
line
of
text
to
illustrate
the
point,
but
this
is
where
end-users
would
be
building
their
apps
running
regression,
and
you
know
tests
bring
security
tests
and
then
deploying
it
to
a
production
environment.
A
So
let's
go
ahead
and
click
that
and
see
what
sort
of
results
are
posted
here
now:
you'll
notice
that
there
are
no
vulnerabilities
that
have
been
found
for
this
pipeline.
That's
because
the
code
I'm
using
has
no
vulnerabilities
in
another
project
where
there
were
vulnerabilities.
This
screen
would
be
populated
by
individual
vulnerabilities.
They
would
have
the
severity
populated
as
a
column,
they'd
have
a
description
of
them
and
when
you're
thinking
about
how
to
integrate
with
git
lab,
this
is
one
of
the
primary
screens
that
you
should
be
thinking
about
how
to
integrate
with.
A
How
can
you
link
the
experience
you've
already
built
for
your
customers
into
the
git
experience
that
they're
expecting
from
us
generally,
when
you've
created
a
vulnerability
in
this
in
this
screen?
The
couple
of
next
steps
that
the
user
could
take
is
they
could
click
on
it
view
the
various
sorts
of
data
and
metadata
that
your
scanner
has
produced.
They
could
either
then
dismiss
the
vulnerability.
They
could
create
a
merge
request
to
resolve
the
vulnerability
or
they
could
promote
it
to
a
get
live
issue.
A
So
another
touch
point
that
we
expect
gitlab
users
to
be
using
is
the
security
and
compliance
security
dashboard,
and
this
is
another
place
that
you
should
think
about
how
you
want
to
integrate
into
your
own
product
with
gitlab,
and
so
it's
available
on
the
left
over
here
and
so
again,
this
project
has
no
vulnerabilities
because
I'm
using
the
template
that
doesn't
have
any.
But
again
this
screen
would
be
populated
if
there
were
security,
vulnerability
results
reported
again
with
the
status
which
would
be
open
or
closed
the
severity
of
the
vulnerability
and
description
of
it.
A
So
between
these
two
places,
these
are
really
the
primary
places
you
should
be
thinking
about
when
you
want
to
integrate
with
gitlab
in
terms
of
security.
Are
those
pipelines
that
individual
developers
are
going
to
be
using,
as
well
as
these
security
dashboards,
which
are
going
to
be
used
by
individual
developers,
but
also
by
project
managers.
Product
managers
and
dev
leads
to
quickly
understand
all
of
the
exposure
that
their
projects
have
in
terms
of
security,
and
so
hopefully,
this
quick
walkthrough
of
the
different
screens
that
get
lab
offers
in
terms
of
security
is
helpful
for
you.
A
In
terms
of
giving
you
insight
into
what
would
be
a
good
place
to
start
with,
integrating
with
kit
lab
again,
my
name
is
Sam
Kirk
my
handle
on
gate
lab
is
St
Kirk
and
always
feel
free
to
reach
out
at
get
Lam
feel
free,
create
an
issue
tag
me
or
any
of
the
other
gate
lab
team
members
on
it
we'll
be
happy
to
have
a
discussion
with
you
on
how
to
effectively
integrate
it
into
gate
lab.
Thank
you.