Lesson 5: GitLab Duo AI Security Features #
This lesson goes over the following:
- Vulnerability Explanation with AI
- Vulnerability Resolution with AI
Vulnerability Explanation with AI #
GitLab Duo provides Vulnerability Explanation, which uses an LLM to:
- Summarize the vulnerability.
- Help developers and security analysts to understand the vulnerability, how it could be exploited, and how to fix it.
- Provide a suggested mitigation.
Vulnerability explanation can only be applied to SAST vulnerabilities.
To explain a vulnerability:
- Navigate to the Secure left navigation menu and select Vulnerability report.
- Set the filter to Group by: Tool.
- Expand the SAST list.
- Click the description for Improper neutralization of special elements in data query logic with path routes/basketItems.ts:85. This is a vulnerability that can be exploited as seen in the OWASP Juice Shop tutorial; it allows you to view items in another person's shopping cart.
- In the upper right, click the Explain or Resolve with AI button, then select Explain vulnerability. You'll then be provided with detailed information on how it can be resolved.
- You can use this information to create an MR with a resolution.
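The finding above is about untrusted request input reaching query logic. The following is an added example, not code from the Juice Shop project and not the MR GitLab Duo produces; it shows the shape of fix a developer would put in the resolution MR: validate the raw parameter, bind it as a query parameter so the SQL text stays constant, and tie the lookup to the authenticated user's own basket so one user cannot read another's cart. The table name `BasketItems`, the parameter names and the `ownerBasketId` check are assumptions for illustration.

```typescript
// Added example, not Juice Shop's or GitLab's code. Names below
// (BasketItems, basketId, ownerBasketId) are assumptions for illustration.

export interface PreparedQuery {
  text: string;      // SQL with placeholders only; no request data in it
  values: unknown[]; // bound parameters, handed to the driver separately
}

// Validate the raw path/query parameter before it goes anywhere near SQL.
// Returns the parsed integer id or throws on anything that is not a plain
// non-negative integer (empty string, letters, spaces, punctuation).
export function parseBasketId(raw: string): number {
  if (!/^\d{1,9}$/.test(raw)) {
    throw new RangeError("basket id must be a plain integer");
  }
  return Number(raw);
}

// Build the query for the caller's own basket. The id is validated and then
// bound, so the SQL text does not change with the input, and the ownership
// check keeps one user from reading another user's cart.
export function basketItemsQuery(rawBasketId: string, ownerBasketId: number): PreparedQuery {
  const basketId = parseBasketId(rawBasketId);
  if (basketId !== ownerBasketId) {
    throw new Error("basket does not belong to the authenticated user");
  }
  return {
    text: "SELECT id, ProductId, quantity FROM BasketItems WHERE BasketId = ?",
    values: [basketId],
  };
}
```

The `ownerBasketId` would come from the server-side session, never from the request; the query text is a constant, so it can be compared against the committed source in review, and the SAST rule that flagged string-built query logic no longer matches.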
Vulnerability Resolution with AI #
You can also use GitLab Duo to automatically create a merge request that resolves the vulnerability.
Currently, only certain vulnerability types are supported [1].
[1] https://docs.gitlab.com/user/application_security/vulnerabilities/#supported-vulnerabilities-for-vulnerability-resolution
To resolve a vulnerability:
- Navigate to the Secure left navigation menu and select Vulnerability report.
- Set the filter to Group by: Tool.
- Expand the SAST list.
- Click the description for Use of cryptographically weak pseudo-random number generator (PRNG) with path routes/captcha.ts:19.
- In the upper right, click the Explain or Resolve with AI button, then select Resolve vulnerability.
- An MR with a resolution will be created and the pipeline will rerun.
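To make the weak-PRNG finding concrete, here is an added example, not Juice Shop's captcha code and not the MR GitLab Duo generates. It shows what the SAST rule points at, as a tiny line scanner over constructed source text, and the replacement a resolution MR would carry: `crypto.randomInt`, which draws from the operating system's CSPRNG, in place of `Math.random`, whose output is predictable. The `generateCaptcha`/`verifyCaptcha` functions and the before/after snippets are constructed for illustration.

```typescript
import * as crypto from "crypto";

// Added example, not Juice Shop's or GitLab's code.

// Minimal SAST-style check: report 1-based line numbers that call
// Math.random. Real SAST engines work on an AST; a line scan is enough here.
export function findWeakPrngLines(source: string): number[] {
  return source
    .split("\n")
    .map((line, i) => (/\bMath\.random\s*\(/.test(line) ? i + 1 : -1))
    .filter((n) => n > 0);
}

// Constructed "before" snippet, in the shape of a captcha generator.
export const beforeFix = `
function generate() {
  const a = Math.floor(Math.random() * 10);
  const b = Math.floor(Math.random() * 10);
  return { question: a + "+" + b, answer: a + b };
}`;

// Constructed "after" snippet: same logic, CSPRNG-backed integers.
export const afterFix = `
import { randomInt } from "crypto";
function generate() {
  const a = randomInt(0, 10);
  const b = randomInt(0, 10);
  return { question: a + "+" + b, answer: a + b };
}`;

export interface Captcha {
  question: string;
  answer: number;
}

// Hardened generator, runnable here: both operands come from crypto.randomInt,
// which returns an integer in [min, max).
export function generateCaptcha(): Captcha {
  const a = crypto.randomInt(0, 10); // 0..9 inclusive
  const b = crypto.randomInt(0, 10);
  return { question: `${a}+${b}`, answer: a + b };
}

// Check a submitted answer against the server-stored captcha; the client
// never supplies the expected answer.
export function verifyCaptcha(c: Captcha, submitted: number): boolean {
  return Number.isInteger(submitted) && submitted === c.answer;
}
```

Running `findWeakPrngLines` over the two snippets reproduces what the pipeline does before and after the resolution MR: the "before" text yields findings, the "after" text yields none, which is why the rerun pipeline no longer reports the vulnerability.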
And that concludes our basic DevSecOps tutorial. To learn more about GitLab and the value it can bring to your organization, check out https://about.gitlab.com/