►
Description
Join Sarah Bailey in this speedy coffee chat to dive into the Merge Request to increase developer productivity and collaboration!
Highlighted features: AutoDevOps, Test Automation, QA, Test Reporting, Compliance Management, Approval Rules, CodeOwners, Code Quality, CI, Pipeline, Security Vulnerabilities, SAST, DAST, Dependency scanning, license scanning, compliance policies
A
A
I
live
in
very
cold
today
near
chicago
illinois
and
what
is
a
coffee
chat
without
talking
a
little
bit
about
coffee,
so
I've
included
my
favorite
coffee
at
the
bottom
of
the
screen.
If
you
guys,
like
a
good
hawaiian
coffee,
I
highly
recommend
I
have
copper
moon,
hawaiian,
hazelnut
coffee,
it's
my
absolute
favorite.
I
love
it
so
feel
free
to
go
grab
a
cup
of
coffee
grab
a
cup
of
tea,
get
some
water
and
let's
get
started
on
the
topic.
All
about
merge
request,
cheers
all
right.
So
a
little
more
about
me
is.
A
So
if
you
and
your
organization
are
thinking
about
looking
into
security
vulnerabilities,
if
you're
thinking
about
that
auto
compliance,
the
ultimate
tier
is
the
way
to
go
and
the
best
part
about
it.
In
my
opinion,
is
the
merge
request
all
right?
Let
me
show
you
what
I'm
talking
about
all
right.
Let
me
let
me
get
my
coffee
got
coffee
duck
agenda
all
right,
so
what's
a
better
agenda
than
within
gillam.
A
So
today
we
are
going
to
show
you
a
little
sneak
peek
of
what
that
ultimate
pipeline
looks
like
and
all
those
security
scanners
in
that
visual
of
that
pipeline
and
then
we're
going
to
take
that
pipeline
and
show
you
the
merge
request
that
all
in
one
place
where
everything
is
and
for
great
collaboration
and,
of
course,
developer
productivity.
Let
me
dive
in
all
right,
so
right
now
you're
looking
at
what
we
call
the
anu
devops
pipeline
and
what
is
that?
Well,
that's,
okay!
A
I'm
here
to
tell
you
so
author
devops
takes
your
code,
I'm
in
it
dockerizes
it
or
I
like
to
say:
throws
it
into
a
bubble,
so
it
throws
it
into
that
bubble
and
then
it
just
beats
it
up.
So
it
takes
all
of
our
analyzers
and
just
beats
it
up
and
make
sure
that
code
is
good
to
go.
So
the
first
thing
it
does
is
it
checks
to
see
what
language
is
inside
that
code
and
then
being
gitlab
and
making
life
easier
for
everyone.
We
auto
populate
all
of
the
analyzers
associated
with
that
code.
A
So
for
this
example,
we
are
looking
at
python
code.
So
the
first
thing
it
does
is
hey
I
see
python
here
is
all
the
analyzers
associated
with
it,
so
we
have
bandit,
which
is
our
sassed
analyzer,
that
populates
because
of
the
python,
and
then
we
go
into
code
quality
code.
Quality
is
just
a
quick
run
through
of
your
code.
A
Looking
for
any
issues,
looking
for
any
garbage
code
to
tell
you,
but
one
really
cool
thing
about
code
quality,
especially
in
the
pipeline,
is
it
will
not
just
check
your
code,
but
it'll
actually
do
a
compare
of
how
it
ran
before.
So,
if
you're
running
your
code,
maybe
every
day
every
week
every
month,
it's
going
to
check
it,
how
it
is
the
code
quality
today,
but
it's
also
going
to
check
it,
how
it
was
so
it
will
tell
you
if
your
code
quality
is
degraded.
A
You
don't
want
to
be
the
developer
that
throws
in
any
bad
code,
and
now
this
gives
you
that
extra
check
to
say
hey.
How
is
my
code
from
the
last
time
it
was
ran
and
if
it's
bad,
it
tells
you
why,
where
and
how
to
go
fix
it.
So
it
gives
you
that
instant
feedback
and
knowledge,
so
you
can
be
able
to
fix
your
issues
before
it
hits
production
and,
as
you
know,
it's
six
times
cheaper
to
fix
your
code
at
developer
level
than
in
production.
A
Next
thing,
it
went
through
my
code
and
said:
hey,
I
found
some
containers,
so
we
now
have
our
container
scanning
looking
for
any
leaks.
Looking
for
any
issues
within
your
containers,
it
also
adds
a
sas
linter
and
then
it
goes
into
a
little
fun
thing.
If
you
guys
are
looking
into
compliance,
we
actually
have
an
auto
compliance
feature
with
an
ondo
devops.
So
what
it
does
is
it
goes
into
your
code,
looks
for
any
dependencies,
looks
for
any
licenses
and
auto
populates
a
dashboard
for
your
organization
to
go
through
and
say,
hey.
A
I
allow
this
dependency.
I
allow
this
license.
I
don't
allow
this
license.
I
don't
allow
this
dependency
and
now
every
time
you
commit
code
and
it
sees
those
licenses,
it
will
tell
you
hey.
This
is
allowed,
or
this
is
denied
you
might
have
need
to
have.
Somebody
look
at
that
I'll.
Make
sure
to
show
you
that
in
the
merge
request,
the
next
one
is
secret
detection.
Secret
detection
is
a
fun
one.
It
goes
and
looks
for
any
issues.
A
I
will
have
another
video
about
all
about
devops,
but
I'm
just
going
to
tell
you
all
these
quick
stages
in
rapid
time,
all
right,
so
the
review
state
is
that
live
because
you're
in
that
container,
you
can
actually
see
your
changes
live
best
example.
If
you
have
a
background
and
you
change
it
from
white
to
purple,
you
can
actually
see
the
purple
background
in
the
review
state.
Now
we
go
into
that
dynamic
testing.
This
is
a
big
wow
for
the
ultimate
tier
you
can
do
on
demand
desk
scans.
A
You
can
do
api
dash
scans
and,
of
course,
you
can
do
desk
scans
within
your
pipeline,
and
it
gives
you
the
ability
to
just
have
that
beautiful
web
crawler
and
check
for
all
your
links
check
for
all
your
issues
by
using
our
desk
and
because
I
love
a
good
test
automation.
I've
actually
included
a
test
automation
state
here,
because
we
are
in
the
container,
you've
already
committed
your
code
and
now
you
can
actually
test
it
live.
So
this
is
a
quick,
selenium
test.
A
It
goes
in
logs
in
happy
path,
unhappy
path,
but
every
time
the
code
is
committed,
it
will
have
this
test
automation.
Why
why
this
is
so
wonderful
and
why
I
love
to
talk
about
it
is
because
this
is
bringing
those
barriers
down
between
developers
and
qa.
It's
all
in
one
spot.
It's
all
visible.
You
don't
have
to
have
a
million
uis
to
look
at
it's
all
together
and
then
we
do
a
quick
performance
and
because
we're
git
lab-
and
we
we
love
to
help
you
guys
out
one
of
the
nice
things
about.
A
Since
we
created
this
bubble,
we
dockerized
your
code
now
we're
going
to
burst
it.
We're
going
to
burst
it,
so
it's
not
so
so
it
doesn't
take
any
space.
So
if
you're
going
to
your
next
environment
you're
going
to
the
cloud
now,
it's
all
cleaned
up
for
you
isn't
that
great
all
right.
So
here's
the
pipeline
view
once
again
this
is
ultimate
auto
devops.
Now,
let's
go
into
what
the
merge
request
looks
like
in
in
that
ultimate.
This
is
this
is
where
the
magic
happens.
A
So
you
committed
your
code.
You
have
your
information
of
what's
going
on
now,
you
can
find
all
the
details
about
where
it's
going
and
what's
going
on.
So
one
thing
I
want
to
show
is:
this:
is
the
screen.
So
this
is
the
screen
where
everything
is
notice,
it's
all
in
one
spot,
so
I'm
going
to
expand
and
you
can
see
more
of
that
deep
dive
and
we'll
go
through
that.
But
everything
here
is
in
one
spot,
so
think
about
how
you're
doing
it
maybe
you're.
A
Looking
for
a
change,
maybe
you're
trying
to
have
some
tool
consolidation.
This
is
the
screen
that
I
really
think
is
probably
the
best
thing
about
the
ultimate
tier.
It's
all
in
one
place.
You
have
your
pipeline,
you
have
your
test
automation,
you
have
your
compliance,
you
have
your
code,
quality,
your
vulnerabilities
and
once
again
back
into
the
license
complaints.
Now
let
me
dive
right
into
what
that
looks
like.
So
we
showed
you
our
other
devops
pipeline
visual.
Here
it
is
in
the
merge
request.
A
Green
means,
good,
you
see
all
the
passing
and
then
we
have
a
test
automation,
so
we
included
test
automation
into
our
pipeline.
So
every
time
you
commit
code,
you
automatically
run
a
quick,
selenium
test.
So
let
me
show
you
what
that
looks
like.
So
here
is
a
quick,
selenium
test
into
our
python
code.
This
is
an
open
source
tool
called
robot
framework.
A
A
And
if
you,
if
you
want
this,
this
is
the
way
to
go.
So.
Have
your
test
artifacts,
auto
populate
into
your
merge
request.
This
helps
with
collaboration
between
developers
and
testers
all
right
now,
let's
bring
him
back
over
to
compliance.
Let's
drop
this
down
now.
You
can
also
see
this
in
our
premium
tier
but
something's.
A
little
do,
there's
a
little
extras
in
our
ultimate
here,
including
our
vulnerability
check
and
our
license
check.
So
it's
going
to
go
through
it's
going
to
say:
hey,
I
see
these
vulnerabilities.
A
You
might
have
some
approvals
right
now.
We
have
some
optional
approvals,
but
you
can
change
this
to
your
organization's
configuration.
Another
nice
thing
to
point
out
is
our
code
owner
so
code
unknowns
is
like
a
guide
to
who's
the
who
of
approval.
You
don't
need
everyone
approving
everything.
If,
like
example,
your
vulnerability
check,
if
you
have
everyone
going
through
and
looking
at
vulnerabilities,
that's
just
a
waste
of
their
their
time
and
yours,
so
this
is
a
great
way
to
say.
A
A
A
All
right
now,
I
hope,
when
you
were
looking
at
that,
you
were
saying
how
easy
it
was
in
one
spot.
So
now
we
have
already
talked
about
our
pipeline.
We've
looked
at
our
test
automation.
We
looked
at
our
compliance
now
we're
going
to
dive
into
that
code
quality
at
the
beginning
of
our
coffee
chat.
I
talked
about
how
you
could
see
the
code
quality
live.
A
So
if
you
turn
in
code
and
you
have
awful
code
you're
going
to
be
able
to
see
it
before
everyone
else
does
so
right
now,
on
my
committed
code,
it
says:
hey
your
code,
quality
degraded.
So
now
it
tells
you
in
the
services
python
dock.
If
you
line
42,
if
you
remove
it,
you
will
have
that
code
quality
back.
So
it
gives
you
that
instant
feedback
of
what's
going
on
with
your
code
and
how
to
make
it
well
or
how
to
make
it
good
again.
A
Now
here's
your
vulnerabilities,
so
you
have
the
ability
to
see
your
vulnerabilities
at
enterprise
level.
You
have
the
ability
to
see
a
dashboard
level
within
your
project.
Now
you
have
the
ability
to
see
at
pipeline
levels,
so
we
ran
our
pipeline.
Here's
all
the
vulnerabilities,
it
found
I'm
a
quick
summary
of
four
critical
24
high
and
144
others,
but
it
doesn't
stop
there.
You
can
actually
deep
dive
into
what
vulnerability
analyzers
found
what
was
going
on
if
it
had
been
dismissed.
A
Well,
let
me
show
you
so
right
now
you
have
your
sas
to
your
dependency
scanner,
your
container
scanner
and
also
your
desk.
I
love
desk
anyway,
and
so
it
tells
you
the
severity.
It
tells
you
the
vulnerability
and
it
tells
you
if
it's
been
fixed
or
not
or
dismissed
so
you'll
see
right
here.
Some
of
these
are
new
it'll.
Have
the
severity
it'll
have?
What
is
the
vulnerability,
so
you
can
click
on
this
and
within
seconds
it
tells
you
exactly
what's
going
on
who
created
the
issue.
A
It
gives
you
that
feedback
without
you
having
to
dive
back
and
forth
into
it
and
also,
if
you
want
to
dismiss
it,
if
you
want
to
create
an
issue
or
or
have
some
action
taken
on
it,
you
can
easily
do
it
by
clicking
a
button.
Everything
is
simple
and
right
there
for
you
to
figure
out
so
right.
Here
we
have
our
sas.
We
have
our
vulnerabilities,
we're
diving
in
our
dependency.
It
says
this
is
new
and
high
one
has
been
dismissed
and
one
has
not.
A
Another
nice
thing
is
before
we
have
a
feature
called
auto
compliance,
so
it
goes
in
looks
for
your
licenses.
Looks
for
your
dependency,
builds
this
beautiful
dashboard
for
your
organization
to
put
their
own
policies
on.
We
have
already
added
our
policies,
but
now
you
can
see
we
have
been
denied
out
of
compliance
policy
as
well
as
our
allowed
policies
for
our
licenses.
A
A
There
was
a
point
in
my
career
when
I
keep
saying
17,
because
I
counted
one
day
how
many
uis
I
had
to
go
through
to
get
that
end
to
end
testing
with
vulnerabilities
with
code
quality
with
test
automation,
and
it
was
17
uis
and
because
nothing
came
together,
I
had
to
copy
and
paste
it
into
an
excel
spreadsheet.
Let
me
tell
you:
I
will
not
go
back
to
that.
This
is
the
way
to
go
so
hopefully
you
have
enjoyed
this
very
quick,
speedy,
merge,
request,
deep
dive
and
coffee
chat.