GitLab Duo Principles - Hands-On Lab: Working with Security Vulnerabilities

This Hands-On Guide walks you through using GitLab Duo to explain, and optionally resolve, security vulnerabilities found by SAST.

Estimated time to complete: 15 minutes

Objectives

In this lab, you will see how GitLab Duo can help with explaining and resolving security vulnerabilities.

Task A. Explaining a Security Vulnerability

  1. Navigate to your Duo Demo project.

  2. Select Build > Pipeline editor.

  3. Remove all previous YAML and add the following code. Your .gitlab-ci.yml should look as follows:

    stages:
      - test
    
    include:
      - template: Security/SAST.gitlab-ci.yml
    
  4. Input any Commit message, ensure the target branch is set to main, then select Commit changes.

  5. In the left sidebar, select Code > Repository.

  6. Select main.go.

  7. Select Edit > Edit single file.

  8. Replace all of your code with the following code (the server is deliberately started with no request timeouts so that SAST has something to report):

    package main
    
    import (
      "fmt"
      "math/rand"
      "net/http"
    )
    
    // randomGitlab answers every request with one word chosen at random.
    func randomGitlab(w http.ResponseWriter, r *http.Request) {
      words := []string{"git", "lab", "repo", "commit", "branch"}
      word := words[rand.Intn(len(words))]
    
      fmt.Fprint(w, word)
    }
    
    func main() {
      http.HandleFunc("/random", randomGitlab)
      // Intentional: ListenAndServe uses a Server with no read, write or idle
      // timeouts, which is what the vulnerability report will flag.
      http.ListenAndServe(":8080", nil)
    }
    
    
  9. Input any Commit message, set the target branch to main, then select Commit changes.

  10. In the left sidebar, select Build > Pipelines and wait for your pipeline to complete.

  11. Once the pipeline completes, in the left sidebar navigate to Secure > Vulnerability Report.

  12. Select the vulnerability “Allocation of resources without limits or throttling”.

    This will navigate you to the vulnerability overview page.

  13. At the top right of the vulnerability overview page, select the AI vulnerability management dropdown.

  14. Select Explain with AI.

  15. Review the response generated by GitLab Duo to understand the vulnerability.

Task B. Resolve the Vulnerability (Optional)

Now that we have a clear understanding of the vulnerability, let’s get it fixed!

  1. At the top right of the vulnerability overview page, select the AI vulnerability management dropdown.

  2. Select Resolve with AI.

  3. Duo will create a new branch for you, make the necessary code changes, then open a merge request (MR) and redirect you to it.

  4. Select the Changes tab of the newly-created MR to check that you are happy with the changes Duo has made.

  5. If so, head back to the Overview tab, read through Duo’s MR description and then click Merge.

  6. Once the pipeline from this merge has successfully completed, check the Vulnerability Report again to make sure the vulnerability has been resolved.
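To see what the finding from Task A means and what a fix like the one Duo proposes in Task B looks like, here is an added Go example (not part of the lab and not the code Duo generates). It keeps the lab's randomGitlab handler, shows the unbounded server that http.ListenAndServe builds beside a server with every timeout set, and adds two checks that are this example's own: hasRequestLimits, a static review of the server definition, and headerTimeoutEnforced, which starts the server on a loopback port and confirms that a client that never finishes its headers is dropped. The timeout values are illustrative, not something the lab or Duo prescribes.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"log"
	"math/rand"
	"net"
	"net/http"
	"time"
)

// randomGitlab is the handler from the lab; it is not what the scanner flags.
func randomGitlab(w http.ResponseWriter, r *http.Request) {
	words := []string{"git", "lab", "repo", "commit", "branch"}
	fmt.Fprint(w, words[rand.Intn(len(words))])
}

// newUnlimitedServer builds what http.ListenAndServe(":8080", nil) builds under the
// hood: a Server with zero timeouts. A client that opens a connection and never
// finishes sending its headers holds a goroutine and a file descriptor for as long
// as it likes. That is the "allocation of resources without limits or throttling"
// the lab's vulnerability report names.
func newUnlimitedServer(addr string, h http.Handler) *http.Server {
	return &http.Server{Addr: addr, Handler: h}
}

// newBoundedServer is the hardened form: every phase of a connection has a deadline.
// The values are illustrative defaults chosen for this example.
func newBoundedServer(addr string, h http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           h,
		ReadHeaderTimeout: 5 * time.Second,  // time allowed to send the request line and headers
		ReadTimeout:       10 * time.Second, // time allowed to send the whole request, body included
		WriteTimeout:      10 * time.Second, // time allowed for the response to be written
		IdleTimeout:       60 * time.Second, // time a keep-alive connection may sit idle
		MaxHeaderBytes:    1 << 16,          // 64 KiB cap on request headers
	}
}

// hasRequestLimits is the static check a reviewer applies to a server definition:
// every timeout must be set so that no phase of a request can run forever.
func hasRequestLimits(s *http.Server) bool {
	return s.ReadHeaderTimeout > 0 && s.ReadTimeout > 0 &&
		s.WriteTimeout > 0 && s.IdleTimeout > 0 && s.MaxHeaderBytes > 0
}

// headerTimeoutEnforced verifies the mitigation dynamically. It serves srv on an
// ephemeral loopback port, opens one connection that sends an incomplete header
// block and then stalls, and reports whether the server ended the exchange (closed
// the connection or replied with an error) before a grace period of the header
// timeout plus two seconds. A server with no limit keeps waiting and returns false.
func headerTimeoutEnforced(srv *http.Server) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	go srv.Serve(ln) // returns http.ErrServerClosed once srv.Close runs below
	defer srv.Close()

	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer conn.Close()

	// Request line and one header, but no terminating blank line: the headers never complete.
	if _, err := conn.Write([]byte("GET /random HTTP/1.1\r\nHost: localhost\r\n")); err != nil {
		return false, err
	}
	grace := srv.ReadHeaderTimeout + 2*time.Second
	if err := conn.SetReadDeadline(time.Now().Add(grace)); err != nil {
		return false, err
	}
	_, err = conn.Read(make([]byte, 1))
	if err == nil || errors.Is(err, io.EOF) {
		return true, nil // the server gave up on the stalled client: the limit is enforced
	}
	var ne net.Error
	if errors.As(err, &ne) && ne.Timeout() {
		return false, nil // our own deadline expired first: the server was still waiting
	}
	return false, err
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/random", randomGitlab)
	srv := newBoundedServer(":8080", mux)
	log.Printf("serving on %s, request limits set: %v", srv.Addr, hasRequestLimits(srv))
	log.Fatal(srv.ListenAndServe())
}
```

When you review Duo's MR in Task B, the diff you expect to see is the move from the bare http.ListenAndServe call to an explicit http.Server with timeouts like the ones in newBoundedServer; hasRequestLimits is the one-line question to ask of any server definition before merging.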

Lab Guide Complete

You have completed this lab exercise. You can view the other lab guides for this course.

Suggestions?

If you wish to make a change to the lab, please submit your changes via Merge Request.