DevSecOps Quiz
Test your GitLab DevSecOps knowledge by taking a moment to answer the multiple choice questions in this quiz.
DevSecOps User & Buyer Personas
Which job role is an example of a DevSecOps user persona? *
1 point
"Shifting left" can be understood as empowering developers to find and fix security vulnerabilities earlier in the software development lifecycle, when fixes are cheaper and faster to make. *
1 point
Match the persona concern in each row with the appropriate job title. *
5 points
Developer
Security Analyst
CISO
Want to identify unresolved vulnerabilities, their severity, and their remediation status
Don't want to be the one that brings their company down via vulnerable code
I want to see everything I am monitoring for risk in one tool, so I can do my job easier and more efficiently.
Top goal is to manage security risk and compliance across all departments.
Manages a department that is typically short staffed as security experts are hard to come by and expensive
Industry Insights
In which "Magic Quadrant" for Application Security Testing did Gartner rank GitLab? *
1 point
GitLab is the only DevOps platform vendor in the 2020 Gartner Magic Quadrant report for Application Security Testing. *
1 point
While it's best to use GitLab CI in order to use GitLab security scanners, it is possible to use our scanners while using Jenkins for CI. *
1 point
Market Requirements
Match the market requirement in each column to the corresponding positive business outcome. *
4 points
Scan results for the Developer
Application Security Testing of code and components
Security Governance
Works with existing and diverse tools
Allows continued use of existing investments and avoids a rip-and-replace scenario.
Reduces security and compliance risks.
Allows security flaws to be fixed early, when less expensive, removes context-switching, and minimizes risk by preventing vulnerabilities from reaching production.
Risk mitigation. Ability to identify exceptions and refine policies over time.
How GitLab Does It
Please indicate whether the business outcomes in each row are a before scenario common in traditional application security vs. an after scenario using GitLab's approach to DevSecOps as described in the "A Seismic Shift in Application Security" white paper. *
8 points
Before Scenario
After Scenario
Decreased security exposure
Siloed from the development workflow
Proactively identify risks
Security acting as a gate for code deployment
Not enough security people to test all of their code
Lack of visibility
Projects predictably delivered on time and on budget
Unable to perform dynamic testing on code before it is merged
Please indicate whether the statements in each row are an outcome associated with teams utilizing traditional DevOps vs. Concurrent DevOps practices. *
6 points
Traditional DevOps
Concurrent DevOps
Disparate teams
People have visibility into the entire workflow, process, and security and compliance across the DevOps lifecycle
Every important activity is logged in a single audit log that covers the entire DevOps lifecycle
Organizing work in a sequence of steps and handoffs, which creates silos
Teams work concurrently and review changes together before pushing to production
Waiting for feedback
DevSecOps GitLab Differentiators
Match the GitLab differentiator in each column to the corresponding positive business outcome. *
4 points
Scans performed on the feature branch before code is merged, with the scan results shown in the MR pipeline
Apply security policy & gating within the MR pipeline
Streamlined Auditing
Offline Environments
GitLab security scans can run in offline or limited connectivity environments.
This shifts left, improving cycle time and development cost by resolving defects earlier.
Every change is captured in an audit log showing who changed what code and who approved policy exceptions
Allows security teams to apply security policies automatically during development, such as reviewing and approving security exceptions
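As an added example (not part of the quiz and not GitLab's own documentation), the following project .gitlab-ci.yml exercises the differentiators above: GitLab's security scan templates run in the merge request pipeline so results appear on the MR before merge, and analyzer images are pulled from an internal registry for an offline or limited-connectivity environment. The registry hostname is an assumed placeholder; the template names and variables are GitLab's.

```yaml
# Added example: a project .gitlab-ci.yml that runs GitLab security scanners on
# every merge request. "registry.internal.example" is an assumed placeholder.

# Run pipelines for merge requests and the default branch only, so each
# feature-branch change is scanned before it is merged and the results are
# attached to the MR.
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

stages:
  - test

# The ".latest" templates carry job rules that run on merge_request_event
# pipelines; the stable templates (Security/SAST.gitlab-ci.yml etc.) key their
# rules on $CI_COMMIT_BRANCH, which is unset in an MR pipeline, so their jobs
# would be skipped under the workflow rules above.
include:
  - template: Security/SAST.latest.gitlab-ci.yml
  - template: Security/Secret-Detection.latest.gitlab-ci.yml
  - template: Security/Dependency-Scanning.latest.gitlab-ci.yml

variables:
  # Offline environment: fetch analyzer images from an internal registry that
  # mirrors GitLab's security-products images instead of from the internet.
  SECURE_ANALYZERS_PREFIX: "registry.internal.example/gitlab-security-products"
```

The templates already declare their `artifacts: reports:` entries, which is what surfaces findings in the MR security widget. Gating on those findings (requiring approval for new vulnerabilities, recording who approved an exception) is configured as a merge request approval rule in the project settings rather than in this file, so the audit trail lives with the MR, not the pipeline definition.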
Discovery Questions
Read each discovery question and choose the corresponding pain point from the drop-down list.
Are security policies automated with security requirements built into the development process? Or are most projects secured a bit differently every time? *
1 point
Is there friction between dev and sec? Can you see security risks at any point in the SDLC? *
1 point
Can your security scans keep up with your iterative coding velocity? How often are projects stopped waiting for a security scan? *
1 point
How much time is wasted translating what was found by sec to what needs to be done by dev and tracking if it was done? Can you quickly see the status of security remediations? *
1 point
Is your organization investing to improve application security in the short term or long term? Is there a clearly defined strategy or timeline? Are you working to integrate app sec tools into the DevOps tool chain? *
1 point
What percentage of code are you currently scanning? Are there holes where an attacker could more easily enter and then traverse laterally? How much more would it cost you to scan all of your code? *
1 point
Is there tension between responsibility for security and ability to improve it? *
1 point
Are security policies automated with security requirements built into the development process? *
1 point
How predictable is the cost of your app sec tools? *
1 point
What steps have you taken to enable developers to find and fix vulnerabilities themselves? Are the scan results in the CI pipeline? *
1 point
This form was created inside of GitLab.