GitLab, provider of the One DevOps Platform, has updated its Security and Governance solution which enables organizations to integrate security and compliance in every step of the software development lifecycle (SDLC) and secure their software supply chain.
With regulatory and compliance requirements on organizations increasing, GitLab has sharpened its focus on governance to help teams identify risks by giving them visibility into their projects’ dependencies, security findings, and user activities. This includes capabilities such as security policy management, compliance management, audit events, and vulnerability management, as well as an upcoming dependency management capability that will help developers track vulnerable dependencies detected in their applications.
According to the company, these governance capabilities, in conjunction with a comprehensive set of security testing capabilities such as static application security testing (SAST), secret detection, dynamic application security testing (DAST), API security, fuzz testing, dependency scanning, license compliance, and container scanning, can help organizations achieve continuous security and compliance of their software supply chain without compromising on speed and agility.
Security features like DAST API and API Fuzzing allow developers to find both known and unknown issues in their applications by scanning for them in CI/CD pipelines. With the addition of GraphQL schema support in 15.4, these API security scans require less configuration than in prior releases. Additional application security scanners include Static Application Security Testing (SAST), Secret Detection, Container Scanning, Dependency Scanning, IaC Scanning, and coverage-guided fuzz testing.
The 2022 DevSecOps report found that 56% of respondents had difficulty getting developers to actually prioritize fixing code vulnerabilities, leaving these threats for security professionals to catch.
With Integrated Security Training, developers have access to actionable and relevant secure coding guidance within the GitLab platform, which can reduce context switching for developers and management strain on security professionals.