Draft: Correct bugs and inconsistencies in Security Essentials labs

Nicholas Lotz requested to merge 2023-06-update-security-essentials-labs into master

Closes https://gitlab.com/gitlab-com/customer-success/professional-services-group/education-services/-/issues/639

Why is this change being made?

The Security Essentials hands-on guide contains several mistakes and inconsistencies as noted below by an instructor:

Security Essentials lab problems:
Lab 1 - Secret detection does not identify SSN value in HelloWorld.py file.
Lab 2 - Python Dependency scan takes 50+ minutes to complete. Some attendees report exceeding the default project timeout of 1 hr.
Lab 3 - No vulnerabilities found during container scanning (which is the sole focus of that lab).
Lab 4 - Merge button does not appear after giving license-check approval (Known issue in training env. ETA on resolution for this or modification of lab?)
Lab 5 - Corpus remains empty for the majority of users. The fuzz test results do not appear in the vulnerability report as the lab guide states. They show only in the Pipeline>Security tab.
Lab 6 - There is no demo/lab for IaC Scanning, but there is a slide in the reveal.js presentation that says there is one. (When can we expect this lab to be created?)

Author Checklist

  • Provided a concise title for this Merge Request (MR)
  • Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
    • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
  • Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI)
    • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the Maintained by section on the page being edited
    • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
    • The when to get approval handbook section explains the workflow in more detail
  • If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR
    • If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.

Closes #2023 (closed)

Edited by Nicholas Lotz
