DevSecOps with GitLab Duo - Hands-On Lab: Working with Security Vulnerabilities

This Hands-On Guide walks you through using GitLab Duo to explain security vulnerabilities.

Estimated time to complete: 30 minutes

Objectives

GitLab Duo extends beyond just code generation. GitLab Duo can support you through any stage of the DevSecOps lifecycle! In this lab, you will see how GitLab Duo can work with the vulnerability report and merge requests inside of a project: explaining a finding from a SAST scan and opening an MR that resolves it.

Task A. Explaining a Security Vulnerability

  1. Navigate to your GitLab Duo Principles Project.

  2. Select the .gitlab-ci.yml file.

  3. Select Edit > Edit in pipeline editor.

  4. Remove all previous YAML and add the following code. Your .gitlab-ci.yml should look as follows:

    stages:
      - test
    
    include:
      - template: Security/SAST.gitlab-ci.yml
    
  5. Input any Commit message, set the branch to main, then select Commit changes.

  6. In the left sidebar, select Code > Repository.

  7. Select main.go.

  8. Select Edit > Edit single file.

  9. Replace all of your code with the following code:

    package main
    
    import (
      "fmt"
      "math/rand" // needed for rand.Intn; the import was missing from the original listing
      "net/http"
    )
    
    // randomGitlab writes one word from a fixed list to the response body.
    func randomGitlab(w http.ResponseWriter, r *http.Request) {
      words := []string{"git", "lab", "repo", "commit", "branch"}
      word := words[rand.Intn(len(words))]
    
      // Fprint rather than Fprintf: the word is data, not a format string.
      fmt.Fprint(w, word)
    }
    
    func main() {
      http.HandleFunc("/random", randomGitlab)
      // ListenAndServe starts a Server with no timeouts configured; this is
      // the finding the SAST scan reports as Slowloris in the next steps.
      http.ListenAndServe(":8080", nil)
    }
    
  10. Leave the Commit message as default, set the Target Branch to main, and select Commit changes.

  11. Once the pipeline completes, navigate to Secure > Vulnerability Report in the left sidebar.

    You will see a single vulnerability, Slowloris, displayed in your report.

  12. Select the vulnerability description.

    This will navigate you to the vulnerability overview page.

  13. Scroll to the bottom of the page and select Explain vulnerability.

  14. Review the response generated by GitLab Duo to understand what the vulnerability is.

Task B. Resolve the Vulnerability

  1. Navigate to the security vulnerability from the previous task.

  2. At the top of the vulnerability, select Resolve with AI. Doing this will generate an MR that contains a fix for the vulnerability.

  3. Select Changes on the MR and review the vulnerability fix.
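  The exact fix that Resolve with AI proposes will vary. As an added example (not the lab's code and not GitLab Duo's output), this is the shape a hardened version of main.go takes: the server is built explicitly so that the header, read, write and idle timeouts that ListenAndServe leaves at zero are bounded. The word list is the same constructed one from the lab; NewServer and HasTimeouts are helper names assumed for this example.

```go
package main

import (
	"fmt"
	"math/rand"
	"net/http"
	"time"
)

// words is the same constructed word list used in the lab's main.go.
var words = []string{"git", "lab", "repo", "commit", "branch"}

func randomGitlab(w http.ResponseWriter, r *http.Request) {
	word := words[rand.Intn(len(words))]
	// Fprint, not Fprintf: the word is data, not a format string.
	fmt.Fprint(w, word)
}

// NewServer returns an http.Server with explicit timeouts. The lab's
// http.ListenAndServe(":8080", nil) runs a Server whose timeouts are all
// zero, so a client that trickles request headers one byte at a time can
// hold a connection open indefinitely (the Slowloris finding in the report).
func NewServer(addr string) *http.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/random", randomGitlab)
	return &http.Server{
		Addr:              addr,
		Handler:           mux,
		ReadHeaderTimeout: 5 * time.Second,  // bounds the slow-header phase
		ReadTimeout:       10 * time.Second, // whole request, body included
		WriteTimeout:      10 * time.Second, // time allowed to write the response
		IdleTimeout:       60 * time.Second, // keep-alive connections idle limit
	}
}

// HasTimeouts reports whether every timeout that bounds a connection's
// lifetime is set; a zero value in http.Server means "no limit".
func HasTimeouts(s *http.Server) bool {
	return s.ReadHeaderTimeout > 0 && s.ReadTimeout > 0 &&
		s.WriteTimeout > 0 && s.IdleTimeout > 0
}

func main() {
	srv := NewServer(":8080")
	if err := srv.ListenAndServe(); err != nil {
		fmt.Println(err)
	}
}
```

A server built this way no longer matches the Slowloris rule, while the /random endpoint behaves exactly as before.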

Lab Guide Complete

You have completed this lab exercise. You can view the other lab guides for this course.

Suggestions?

If you’d like to suggest changes to the lab, please submit them via merge request.

Last modified June 27, 2024: Fix various vale errors (46417d02)