GitLab Ultimate

Integrating security into your DevOps lifecycle is easy with GitLab. Security and compliance are built-in, out of the box, giving you the visibility and control necessary to protect the integrity of your software.

GitLab is known for industry-leading Source Code Management (SCM) and Continuous Integration (CI). Developers want to use GitLab. We make it easy for them to develop more secure and compliant software. The GitLab DevOps platform shifts both security and compliance earlier in the development process with consistent pipelines that automate scanning and policies. Uniting developers and security pros within one platform streamlines vulnerability management for both and improves collaboration.

 


Description

GitLab Ultimate – Speed. Efficiency. Trust.

Capabilities included within the GitLab Ultimate tier


Comprehensive Application Security Scanning for developers

Shift security left to empower developers to find and fix security flaws as they are created.

  • Automatically include application security testing in your CI pipelines – one tool, one cost, one user interface, one source of truth to unite dev and sec.
  • Provide actionable scan results to the developer to assess and resolve potential vulnerabilities at code commit, before code is merged – even for DAST.
  • Auto Remediation automatically creates a patch to resolve some vulnerabilities.
  • Scanners include SAST, DAST, Dependency scanning, License Compliance, Container scanning, Cluster Image Scanning, web API testing, [Infrastructure-as-code](https://docs.gitlab.com/ee/user/application_security/iac_scanning/) (IaC) testing, and Secret Detection.

Vulnerability Management for security pros

Assess and triage vulnerabilities that remain after code changes are merged.
  • Security pros can manage vulnerabilities across projects and groups to evaluate and triage vulnerabilities.
  • Dynamically test running web applications on demand for known runtime vulnerabilities.
  • Show all dependencies used in a project via a Dependency List (also called a Bill of Materials).
  • Export findings, and import findings from third-party scanners and bug bounties. Filter by scanner vendor.

Security and Compliance Governance

Automate security and compliance policies across your software development lifecycle with GitLab Ultimate.

  • Compliant pipelines for consistent use of security policies. Security configuration via check-boxes and granular controls – no need to code pipelines.
  • Security dashboards at the project, group, and instance level, along with a personalized view of specific projects.
  • Policy management for MR approvals, separation of duties and other common controls, including a Compliance Report.

Cloud-native security by GitLab Ultimate

  • Container scanning, cluster image scanning, Infrastructure-as-code (IaC) scanning, web API fuzzing. All scan results are provided to the developer within their CI pipeline alongside more traditional scan results – no do-it-yourself integration is required.
  • Alerts and protection for applications deployed in connected Kubernetes clusters are also features of GitLab Ultimate. At the network layer, Container Network Security filters traffic going in and out of the cluster and traffic between pods inside the cluster. Inside the container, Container Host Security can monitor and block activity inside the containers themselves.

Additional Capabilities within GitLab Ultimate

  • Fuzz Testing – Fuzz testing acquisitions have been integrated alongside other scanners in the merge request pipeline. Apply this powerful technology to automatically test for unknown security flaws with coverage-guided fuzzing and API fuzzing.
  • Offline Environments – Self-managed customers can run most of the GitLab security scanners when not connected to the internet.
  • Mobile app testing – Test mobile applications within your CI pipeline including Kotlin, Swift, Objective-C, and Java.

If you don’t need all the security functions included in the GitLab Ultimate subscription, you can try GitLab Premium from the beginning and