DevSecOps with GitLab Duo - Hands-On Lab: Working with Security Vulnerabilities
Estimated time to complete: 30 minutes
Objectives
GitLab Duo extends beyond just code generation. GitLab Duo can support you through any stage of the DevSecOps lifecycle! In this lab, you will see how GitLab Duo can work with issues and merge requests inside of a project.
Task A. Explaining a Security Vulnerability
- Navigate to your GitLab Duo Principles Project.
- Select the `.gitlab-ci.yml` file.
- Select Edit > Edit in pipeline editor.
- Remove all previous YAML and add the following code. Your `.gitlab-ci.yml` should look as follows:

  ```yaml
  stages:
    - test

  include:
    - template: Security/SAST.gitlab-ci.yml
  ```
- Input any Commit message, set the branch to main, then select Commit changes.
- In the left sidebar, select Code > Repository.
- Select `main.go`.
- Select Edit > Edit single file.
- Replace all of your code with the following code:

  ```go
  package main

  import (
  	"fmt"
  	"math/rand"
  	"net/http"
  )

  // randomGitlab writes one randomly chosen word to the response.
  func randomGitlab(w http.ResponseWriter, r *http.Request) {
  	words := []string{"git", "lab", "repo", "commit", "branch"}
  	word := words[rand.Intn(len(words))]
  	fmt.Fprintf(w, word)
  }

  func main() {
  	http.HandleFunc("/random", randomGitlab)
  	// http.ListenAndServe starts a server with no timeouts configured.
  	http.ListenAndServe(":8080", nil)
  }
  ```
- Leave the Commit message as default, set the Target Branch to main, and select Commit changes.
- Once the pipeline completes, navigate to Secure > Vulnerability Report in the left sidebar.
  You will see a single vulnerability, Slowloris, displayed in your report.
- Select the vulnerability description.
  This will navigate you to the vulnerability overview page.
- Scroll to the bottom of the page and select Explain vulnerability.
- Review the response generated by GitLab Duo to understand what the vulnerability is.
Task B. Resolve the Vulnerability
- Navigate to the security vulnerability from the previous task.
- At the top of the vulnerability, select Resolve with AI. Doing this will generate an MR that contains a fix for the vulnerability.
- Select Changes on the MR and review the vulnerability fix.
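As a reference point when reviewing the fix, this added example (not part of the original lab and not GitLab Duo's output) shows a common remediation for a Slowloris finding on `http.ListenAndServe`: an `http.Server` with explicit timeouts, plus a loopback check that a connection with an unfinished request header gets closed. The names `newServer` and `stalledClientDropped` and the timeout values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"math/rand"
	"net"
	"net/http"
	"time"
)

func randomGitlab(w http.ResponseWriter, r *http.Request) {
	words := []string{"git", "lab", "repo", "commit", "branch"}
	fmt.Fprint(w, words[rand.Intn(len(words))])
}

// newServer (hypothetical helper): lab handler with explicit timeouts; 0 disables them.
func newServer(addr string, headerTimeout time.Duration) *http.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/random", randomGitlab)
	return &http.Server{
		Addr: addr, Handler: mux,
		ReadHeaderTimeout: headerTimeout, // bounds time to receive request headers
		ReadTimeout:       2 * headerTimeout, // assumed value
		WriteTimeout:      2 * headerTimeout, // assumed value
	}
}

// stalledClientDropped (hypothetical check) reports whether srv closes a stalled connection.
func stalledClientDropped(srv *http.Server, wait time.Duration) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	go srv.Serve(ln)
	defer srv.Close()
	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer conn.Close()
	fmt.Fprint(conn, "GET /random HTTP/1.1\r\nHost: lab\r\n") // constructed input, header left unfinished
	conn.SetReadDeadline(time.Now().Add(wait))
	_, err = conn.Read(make([]byte, 1))
	ne, ok := err.(net.Error) // a timeout here is our own deadline: server still waiting
	return !(ok && ne.Timeout()), nil
}

func main() {
	fmt.Println(stalledClientDropped(newServer(":8080", 200*time.Millisecond), time.Second))
}
```

Calling `newServer` with a timeout of 0 reproduces the behaviour of the lab's original `http.ListenAndServe` call, so the same check returns false for it.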
Lab Guide Complete
You have completed this lab exercise. You can view the other lab guides for this course.
Suggestions?
If you’d like to suggest changes to the lab, please submit them via merge request.