Summit 2024 Code Challenge

Additional details and context

  1. Slack message: https://gitlab.slack.com/archives/C010XFJFTHN/p1709744696435709
  2. Video: https://drive.google.com/file/d/1vtvXncSOvUqWUwF6iy5nf-sn6GLpovpB/view
  3. Video script and additional details: https://docs.google.com/document/d/1Ahy4PWa59Q2eanC6hjIhl_oL-pCKyb4PE-B5Fs5GLNY/edit
  4. Slack channel: #code-challenge

This Summit Challenge

This year's challenge comes from us becoming the first true DevSecOps platform. Because we have a single interface and data structure, we don't just replace the point solutions. We can do truly unique things. I picked the one thing that comes up often in my conversations with CTOs and CISOs. Today, when a big vulnerability in a library like Log4J comes out, their teams spend weeks of overtime to remediate, stressed the whole time about being vulnerable while applications aren't fixed. When I say we can do this automatically in GitLab a few years from now, their jaws drop. Because we are the broadest platform, only we can solve this. Let's move up this timeline and bring this future to the present.

The challenge is to demonstrate the following happening automatically:

  1. Our vulnerabilities database is updated based on a mailing list message
  2. GitLab flags all the projects using the vulnerable library (using our existing SBOM functionality)
  3. Duo AI suggests a fix for the vulnerability, the fix being updating the library
  4. The fix is added to a merge request that is automatically merged after tests pass
  5. During the CD part, GitLab detects a problem with Kubernetes resource usage going up too much
  6. Based on that problem, the fix is reverted and a new deploy is done
  7. An issue is opened with AI explaining the vulnerability, the fix that was attempted, and the problem with the deployment
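As an added example (not GitLab's code or the challenge's own tooling), a small Python model of step 2 and the fix suggestion of step 3: a constructed advisory record and constructed CycloneDX-style SBOMs are matched by package URL and version range, and each affected project gets the first patched version as the suggested upgrade. All package names, versions and project paths below are made up.

```python
"""Flag projects whose SBOM lists a vulnerable library version (added example)."""
import json

# Constructed advisory in the shape a vulnerability-database entry might take
# (not a real record; package, versions and id are placeholders).
ADVISORY = {
    "id": "EXAMPLE-ADVISORY-0001",
    "purl_prefix": "pkg:maven/org.example/logger",
    "affected": [{"introduced": "2.0.0", "fixed": "2.17.1"}],  # [introduced, fixed)
}

# Constructed CycloneDX 1.4-style SBOM fragments keyed by project path.
SBOMS = {
    "group/payments": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"name": "logger", "version": "2.14.1", "purl": "pkg:maven/org.example/logger@2.14.1"},
        {"name": "other", "version": "1.0.0", "purl": "pkg:maven/org.example/other@1.0.0"}]}),
    "group/web": json.dumps({"bomFormat": "CycloneDX", "components": [
        {"name": "logger", "version": "2.17.1", "purl": "pkg:maven/org.example/logger@2.17.1"}]}),
}

def parse_version(v):
    """Numeric dotted version to a comparable tuple: '2.14.1' -> (2, 14, 1).
    Assumes purely numeric components (no '-rc1' style suffixes)."""
    return tuple(int(p) for p in v.split("."))

def affected_fix(version, ranges):
    """Return the first patched version if `version` lies in any vulnerable
    [introduced, fixed) range of the advisory, else None."""
    ver = parse_version(version)
    for r in ranges:
        if parse_version(r["introduced"]) <= ver < parse_version(r["fixed"]):
            return r["fixed"]
    return None

def flag_projects(advisory, sboms):
    """Map each affected project to the vulnerable components it ships and the
    version the automated fix (step 3) should bump them to."""
    hits = {}
    for project, sbom_json in sboms.items():
        for comp in json.loads(sbom_json).get("components", []):
            purl = comp.get("purl", "")
            if not purl.startswith(advisory["purl_prefix"] + "@"):
                continue  # different package, ignore
            version = comp.get("version") or purl.rsplit("@", 1)[1]
            fix = affected_fix(version, advisory["affected"])
            if fix is not None:
                hits.setdefault(project, []).append({"purl": purl, "version": version, "fix": fix})
    return hits

if __name__ == "__main__":
    print(json.dumps(flag_projects(ADVISORY, SBOMS), indent=2))
```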

**Due: 5pm local Summit time Thursday 2024-03-07**

Demo details

You have 20 minutes to demo everything that is complete.

Please arrive by 4:45pm at the Code Challenge Results Presentation room (Bellagio Ballroom 2 + 6) to set up.

Final Deliverables and Output

Edited by Alana Bellucci