Chapter 7. Securing Your Code

Now that you know how to configure your GitLab CI/CD pipeline to verify that your project’s code is meeting its requirements, the next step in constructing a pipeline is to add jobs that look for security vulnerabilities. This is an optional step, but since GitLab makes it easy to add security scanning to your pipelines, and since there’s virtually no downside other than adding a few minutes to your pipeline’s runtime, we recommend that you enable all security scanners that are relevant to your projects.

We’ll start this chapter by providing an overview of GitLab’s general strategy around using security scanners; several aspects of security scanning are helpful to understand before you start learning about individual scanners. ...
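Enabling the scanners in a pipeline comes down to including GitLab's maintained templates in `.gitlab-ci.yml`. The following configuration is an added example, not taken from the book; the template paths are GitLab's real template names, while the `build-app` and `unit-tests` jobs stand in for a project's own jobs and the tier notes reflect GitLab's licensing at the time of writing (treat them as assumptions to verify against current docs):

```yaml
# .gitlab-ci.yml (added example): the project's existing build/test jobs
# plus GitLab's own security scanner templates. `build-app` and
# `unit-tests` are placeholder names for the project's real jobs.
stages:
  - build
  - test

include:
  # Static analysis of the project's source code (available in all tiers).
  - template: Security/SAST.gitlab-ci.yml
  # Searches the repository for committed credentials such as API keys
  # (available in all tiers).
  - template: Security/Secret-Detection.gitlab-ci.yml
  # Checks third-party packages against known vulnerabilities
  # (assumed to require the Ultimate tier).
  - template: Security/Dependency-Scanning.gitlab-ci.yml

variables:
  # Keep test fixtures and vendored code out of SAST results to cut noise.
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp, vendor"

build-app:
  stage: build
  script:
    - echo "build the application here"

unit-tests:
  stage: test
  script:
    - echo "run the project's tests here"
```

The template jobs attach to the `test` stage, so they run alongside the unit tests and upload their findings as security report artifacts that GitLab surfaces on the merge request.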
