CodeSecure’s VP of Global Solutions Engineering, Mark Hermeling, demonstrates how GitLab Ultimate integrates with CodeSecure CodeSonar. This “ultimate” demonstration combines Microsoft Visual Studio Code, GitLab runners, and a Kubernetes cluster to show end-to-end integration of SAST into a DevOps workflow platform. GitLab Ultimate’s security dashboard is used to monitor and manage the security issues found in a repository.
In the example shown, a buffer overrun warning is used to walk through the process. A feature branch is created to make the code changes that fix the vulnerability, and a merge request then carries the fix to the development branch. CodeSonar’s GitLab integration automatically triggers a SAST analysis of the changes in the merge request (offloaded to a Kubernetes cluster in this case). The merge request is the key point at which to confirm that the fix worked and that no new defects were introduced before the change lands in the development branch.
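The check the merge request stage is meant to perform, comparing the analysis of the MR branch against the target branch and blocking on anything new, is shown below as an added example. This is not CodeSonar’s or GitLab’s own code; it assumes both scans were exported in the GitLab SAST JSON report format (the `vulnerabilities` list that the security dashboard and MR widget consume), and the two sample reports are constructed for illustration, not real scan output.

```python
"""Gate a merge request on newly introduced SAST findings.

Added example (not CodeSonar's or GitLab's own code). Assumes the
baseline (target branch) and MR-branch scans are both available as
GitLab SAST JSON reports. Sample reports below are constructed.
"""
import json
import sys

# Constructed baseline report: what the target branch looked like before the MR.
BASELINE_REPORT = json.dumps({
    "version": "15.0.0",
    "vulnerabilities": [
        {"id": "f1", "category": "sast", "name": "Buffer Overrun",
         "severity": "High",
         "location": {"file": "src/parse.c", "start_line": 42},
         "identifiers": [{"type": "cwe", "name": "CWE-787", "value": "787"}]},
        {"id": "f2", "category": "sast", "name": "Uninitialized Variable",
         "severity": "Medium",
         "location": {"file": "src/util.c", "start_line": 10},
         "identifiers": [{"type": "cwe", "name": "CWE-457", "value": "457"}]},
    ],
})

# Constructed MR-branch report: the overrun is fixed, the util.c finding merely
# shifted by two lines, and the fix introduced a new null-dereference finding.
MR_REPORT = json.dumps({
    "version": "15.0.0",
    "vulnerabilities": [
        {"id": "f3", "category": "sast", "name": "Uninitialized Variable",
         "severity": "Medium",
         "location": {"file": "src/util.c", "start_line": 12},
         "identifiers": [{"type": "cwe", "name": "CWE-457", "value": "457"}]},
        {"id": "f4", "category": "sast", "name": "Null Pointer Dereference",
         "severity": "Medium",
         "location": {"file": "src/parse.c", "start_line": 45},
         "identifiers": [{"type": "cwe", "name": "CWE-476", "value": "476"}]},
    ],
})

# GitLab report severities, ranked so a threshold can be applied.
SEVERITY_RANK = {"Info": 0, "Unknown": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}


def fingerprint(vuln):
    """Stable identity for a finding: rule name, file and identifier values.

    The line number is deliberately excluded so that unrelated edits that
    shift code within a file do not make an old finding look new.
    """
    ids = tuple(sorted(i.get("value", "") for i in vuln.get("identifiers", [])))
    return (vuln.get("name", ""), vuln.get("location", {}).get("file", ""), ids)


def index(report_json):
    """Group a report's findings by fingerprint (a list per key, since one
    rule can legitimately fire more than once in the same file)."""
    by_key = {}
    for v in json.loads(report_json).get("vulnerabilities", []):
        by_key.setdefault(fingerprint(v), []).append(v)
    return by_key


def compare(baseline_json, mr_json):
    """Return (new, fixed): findings added by the MR and findings it removed.

    Counts are compared per fingerprint, so a second occurrence of an
    existing rule/file pair is reported as new, and a removed occurrence as fixed.
    """
    base, mr = index(baseline_json), index(mr_json)
    new, fixed = [], []
    for key, vulns in mr.items():
        extra = len(vulns) - len(base.get(key, []))
        if extra > 0:
            new.extend(vulns[:extra])
    for key, vulns in base.items():
        gone = len(vulns) - len(mr.get(key, []))
        if gone > 0:
            fixed.extend(vulns[:gone])
    return new, fixed


def gate(baseline_json, mr_json, min_severity="Low"):
    """Summarise the comparison and decide whether the MR may merge.

    Anything new at or above min_severity blocks; the default blocks on
    every new finding, matching the "no new errors introduced" goal.
    """
    new, fixed = compare(baseline_json, mr_json)
    threshold = SEVERITY_RANK[min_severity]
    blocking = [v for v in new
                if SEVERITY_RANK.get(v.get("severity", "Unknown"), 0) >= threshold]
    return {"new": len(new), "fixed": len(fixed),
            "blocking": len(blocking), "passed": not blocking}


if __name__ == "__main__":
    result = gate(BASELINE_REPORT, MR_REPORT)
    print(json.dumps(result))
    sys.exit(0 if result["passed"] else 1)
```

Run as a job in the merge request pipeline (a GitLab `rules:` entry on `$CI_PIPELINE_SOURCE == "merge_request_event"`), with the two report files supplied as inputs, and the non-zero exit blocks the merge. Keying on rule and file rather than line number is the important design choice: a fix that shifts code must not show the untouched `src/util.c` finding as new, while the null dereference the fix introduced still fails the gate at the default threshold.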
The key outcome is that a SAST tool like CodeSonar becomes part of a GitLab workflow developers already use, with analysis triggered by the merge request and findings surfaced in the same interface as the rest of the review. Together, the tools help ensure both code security and code quality.