Prev Next

Maven / GitLab CI Basics Interview Questions

What are GitLab's built-in security scanning templates and how do you enable them?

GitLab provides built-in CI/CD templates for security scanning that can be included in any pipeline with a single line. These templates add jobs to your pipeline that scan for vulnerabilities without requiring manual configuration.

# Include GitLab security templates:
include:
  - template: Security/SAST.gitlab-ci.yml           # Static Application Security Testing
  - template: Security/Secret-Detection.gitlab-ci.yml  # Detect secrets/tokens in code
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml            # Dynamic (requires running app)
  - template: Security/Container-Scanning.gitlab-ci.yml

stages:
  - build
  - test
  - security                  # security templates add jobs to appropriate stages
  - deploy

# These templates are maintained by GitLab and auto-update
# Results appear in:
# Secure > Vulnerability Report (GitLab Ultimate)
# As MR security widgets (GitLab Ultimate)

# SAST customisation:
variables:
  SAST_EXCLUDED_PATHS: "spec,test,tests,tmp"  # skip test directories
  SAST_EXCLUDED_ANALYZERS: "bandit"           # skip specific analyzer

# Secret Detection customisation:
  SECRET_DETECTION_EXCLUDED_PATHS: "tests/"

Security templates overview
TemplateScans for
SASTCode vulnerabilities using static analysis
Secret DetectionHardcoded secrets, API keys, passwords in code
Dependency ScanningKnown CVEs in project dependencies
DASTRuntime vulnerabilities by attacking a live app
Container ScanningCVEs in Docker image layers

Security scanning results are visible in merge requests and the Vulnerability Report for GitLab Ultimate. For lower tiers, results appear in the job artifacts as JSON reports that can be parsed by other tools.

How do you enable GitLab's built-in SAST (Static Application Security Testing) in a pipeline?
Which GitLab security template detects hardcoded passwords and API tokens committed to source code?

Invest now in Acorns!!! 🚀 Join Acorns and get your $5 bonus!
Acorns Logo

Invest now in Acorns!!! 🚀
Join Acorns and get your $5 bonus!

Earn passively and while sleeping

Acorns is a micro-investing app that automatically invests your "spare change" from daily purchases into diversified, expert-built portfolios of ETFs. It is designed for beginners, allowing you to start investing with as little as $5. The service automates saving and investing. Disclosure: I may receive a referral bonus.

Robinhood Logo

Invest now!!! Get Free equity stock (US, UK only)!

Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.

The Robinhood app makes it easy to trade stocks, crypto and more.


Webull Logo

Webull! Receive free stock by signing up using the link: Webull signup.

More Related questions...

What is GitLab CI/CD and what problem does it solve? What is the.gitlab-ci.yml file and where must it be placed? What is a GitLab CI/CD pipeline? What are stages in GitLab CI/CD and how do you define them? What is a CI/CD job in GitLab and what are the required keywords? What is a GitLab Runner and what types are available? What is the 'script', 'before_script', and 'after_script' keywords and how do they differ? How do you use the 'image' keyword to specify a Docker environment for a job? What are GitLab CI/CD artifacts and how do you use them? What is the difference between cache and artifacts in GitLab CI? What are GitLab CI/CD variables and what types are available? What are the most important predefined CI/CD variables in GitLab? What are 'rules' in GitLab CI/CD and how do they control when jobs run? What is the difference between 'only/except' and 'rules' in GitLab CI? What is the 'needs' keyword in GitLab CI/CD and what problem does it solve? What is the 'workflow' keyword in GitLab CI and how does it control pipeline creation? What is the 'extends' keyword and how does it enable job templates? What is the 'include' keyword and how do you share CI configuration across projects? What are GitLab environments and how do you define them in CI/CD? What are manual jobs in GitLab CI/CD and how do you configure them? What is the 'allow_failure' keyword and how does it affect pipeline status? How does parallel job execution work in GitLab CI/CD? What are GitLab CI/CD scheduled pipelines and how do you set them up? What are pipeline triggers and how can a pipeline be started without a git push? What is the 'retry' keyword and how do you handle flaky tests in GitLab CI? What is the 'timeout' keyword in GitLab CI and what are the defaults? What is the GitLab Container Registry and how do you use it in CI/CD pipelines? What are 'services' in GitLab CI/CD and how do you use them? What is the 'default' keyword in GitLab CI and how does it reduce duplication? What are YAML anchors and aliases in GitLab CI and how do they reduce duplication? What is a merge request pipeline in GitLab CI and how does it differ from a branch pipeline? What is pipeline caching and how do you configure cache keys? What is the GitLab CI Lint tool and how do you validate a.gitlab-ci.yml file? What are GitLab CI/CD components and how do they differ from includes? What are parent-child pipelines in GitLab CI/CD? What is the 'resource_group' keyword and how does it prevent concurrent deployments? What are GitLab's built-in security scanning templates and how do you enable them? What is the 'GIT_STRATEGY' variable in GitLab CI and what are the options? What are protected branches and protected variables in GitLab CI? What are common reasons a GitLab CI pipeline fails and how do you troubleshoot them?
Show more question and Answers...

Testing

Comments & Discussions