GitLab Defend makes organizations and apps resilient against attacks at all levels. Defend leverages existing context to improve security posture and provides additional context to teams in all stages of DevOps to shift security left and ensure everyone can contribute to securing the organization and apps.
The Defend stage includes all features related to defending your applications and cloud infrastructure, identifying and cataloging threats, vulnerabilities, and risks, and giving you the ability to manage and remediate them.
GitLab helps you create, deliver, and manage secure applications in today's modern infrastructure while also enabling DevOps methodologies and Digital Transformations.
Our first capability in Defend is the Web Application Firewall category. The first Minimal Viable Change was to add capabilities to Enable ModSecurity on your Kubernetes cluster ingress. This category is the first step to protecting your applications, by monitoring and being able to protect against malicious traffic, which includes attacks like SQL injection and cross-site scripting.
In line with our Security Paradigm, Defend features will inform and report threats that occur as a first step. Once you explicitly tell GitLab to block traffic, users, or devices, we will record these decisions and then block and drop actions by those bad actors.
This is valuable to you because it means that you can introduce and configure security for your app gradually over time without disrupting your end users. Examining the information about what GitLab Defend reports in your app helps you ensure that the security settings are appropriate for your app and business will not introduce more false positves nor permit more potentially bad actions than you are comfortable with. Having recorded evidence of threats and your response ensures you can easily achieve your compliance goals and requirements.
One of GitLab's key advantages as a single DevOps platform is that all of our stages are integrated and tightly connected. Defend will identify and protect against threats as they happen, but we will strive to be informative to other stages to give you actionable next steps to close a vulnerability or point of exploit, not just defend it.
Not only does shifting left and acting on results earlier give your apps better security, it helps enable collaboration with everyone at your company. We believe that security is everyone's responsibility and that everyone can contribute, and informing other stages is a powerful way to do this.
Defend capabilities will be pre-configured to provide value to protecting your applications. Rather than require you to read documentation manuals and provide complex configuration files, GitLab will always provide reasonable defaults out of the box.
We will provide the ability for advanced and customized configurations, but these will only be needed based on your specific use case and when you feel comfortable doing so.
There are a few product categories that are critical for success here; each one is intended to represent what you might find as an entire product out in the market. We want our single application to solve the important problems solved by other tools in this space - if you see an opportunity where we can deliver a specific solution that would be enough for you to switch over to GitLab, please reach out to the PM for this stage and let us know.
Each of these categories has a designated level of maturity; you can read more about our category maturity model to help you decide which categories you want to start using and when.
A Web Application Firewall (WAF) is able to examine traffic being sent to an application and can block malicious traffic before they reach your application. This category is at the "minimal" level of maturity.
Detect and respond to security threats. This category is planned, but not yet available.
Security dashboards to help you manage vulnerabilities in your application. This category is planned, but not yet available.
This category is planned, but not yet available.
When applications are deployed to production, they are subject to real security threats that may lead to unauthorized access to sensitive data. Runtime Application Self Protection (RASP) actively monitor and block threats before they can exploit vulnerability in the target application. This category is planned, but not yet available.
User and Entity Behavior Analytics (UEBA) is a machine learning solution to analyze normal and aberrant behavior. This category is planned, but not yet available.
This category is planned, but not yet available.
Data Loss Prevention (DLP) is a way to monitor systems for sensitive data and identify when that data is being moved to other systems and potentially shared outside your organization. This category is planned, but not yet available.
There are a number of other issues that we've identified as being interesting that we are potentially thinking about, but do not currently have planned by setting a milestone for delivery. Some are good ideas we want to do, but don't yet know when; some we may never get around to, some may be replaced by another idea, and some are just waiting for that right spark of inspiration to turn them into something special.
Remember that at GitLab, everyone can contribute! This is one of our fundamental values and something we truly believe in, so if you have feedback on any of these items you're more than welcome to jump into the discussion. Our vision and product are truly something we build together!