From YouTube: DevSecOps Demo (SDR Enablement)
Description
Here is an example demo for GitLab "DevSecOps." For use with SDR Technical Development (Google Classroom).
Speaker: Christopher Wang
LinkedIn: https://www.linkedin.com/in/christopher-wang-0835b226/
A
So, to talk about things at a high level, one of the unique things that we really do is we allow you to, what we call, "shift left." And so for most people, what they do is they develop some sort of product and then, all the way at the end, though, test for security, while it's too late. And the negative things about this is that you have longer development cycles. Sometimes people have to sleep late.
A
You might have to do some additional releases to get everything right, but one of the unique things that GitLab offers is the ability to actually bake security testing into the development process itself through our continuous integration. And so over here, let me just demonstrate this real quick here. All the merge requests that are coming in, you can see that these are the changes that people are trying to make. Here's a specific change that's implemented, that's, excuse me, being implemented by one of my colleagues, and over here.
A
You can see that we have pipelines that are running. So once again, this is a GitLab pipeline. This is all the automated CI and tests, and things like that, that are running in a background. You don't have to trigger this. This happens in the automated fashion. And over here, for this specific pipeline, you can see we're running all the great things that you'd expect, like your tests and things like that.
A
But what really separates us is that we actually have security testing built into the test stage itself. And so over here you can see that we have SAST. We also have DAST, things that scans. We scan your dependencies to see if they're out of date. And what we basically say about our security right now is, here's some, one of the screens in which we show off our current offering, as you can see, right.
A
Many of these security features are what we call viable, and so what we mean by that is that you can use them, they're really great, but one of our real ambitions here at GitLab is to be best in class in terms of a security scanning. You can see that we have fuzz testing on a roadmap, and once again, you know, in the next couple of months and years, we continue to hope to build this out so that everything is best-in-class.