
Update file secessentialshandson1.md to represent current sast scan results.

Jason Caylor requested to merge secessentialshandson-patch-vulnerability-fix into main

Why is this change being made?

💡 Provide a detailed answer to the question on why this change is being proposed, in accordance with our value of Transparency.

Following the GitLab Security Essentials - SAST / DAST / Secret Scanning Hands-On Lab, the SAST report is different than what is currently in the lab. These changes reflect what is currently seen while following the lab.

Below is a copy of the gl-sast-report.json from the pipeline as well as a screenshot from the pipeline's vulnerability report.

gl-sast-report.json

image.png

Here is a link to the pipeline run's security tab: https://gitlab.com/gitlab-learn-labs/environments/session-49ff693e/iutkbrxg/security-labs/-/pipelines/1188668558/security

Author and Reviewer Checklist

Please verify the check list and ensure to tick them off before the MR is merged.

  • Provided a concise title for this Merge Request (MR)
  • Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
    • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
  • Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI)
    • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the Maintained by section on the page being edited
    • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
    • The when to get approval handbook section explains the workflow in more detail
  • For transparency, share this MR with the audience that will be impacted.
    • Team: For changes that affect your direct team, share in your group Slack channel
    • Department: If the update affects your department, share the MR in your department Slack channel
    • Company: If the update affects all (or the majority of) GitLab team members, post an update in #whats-happening-at-gitlab linking to this MR
