Course Outline

DevSecOps Sovereignty with GitLab for Government

  • Comparison of GitLab Community Edition (CE), Enterprise Edition (EE), and GitLab.com: features and control.
  • Omnibus architecture and Kubernetes Helm deployment options for government.
  • Risks associated with Software as a Service (SaaS) lock-in and data residency requirements for government.

Installation and Architecture

  • Omnibus installation on Ubuntu, including PostgreSQL and Redis for government environments.
  • GitLab Helm chart deployment on Kubernetes with persistent volumes for government use.
  • Integration with external services such as object storage, SMTP, and LDAP for government operations.
  • Geo replication strategies for multi-region disaster recovery in government settings.

Repository and Project Management

  • Organization of groups, subgroups, and project hierarchies for government projects.
  • Merge request workflows, code review processes, and approval rules for enhanced governance in government.
  • Utilization of issue boards, epics, and milestones for Agile planning in government projects.
  • Management of wikis, snippets, and releases to support comprehensive documentation and version control for government.

CI/CD Pipeline Engineering

  • Configuration and management of .gitlab-ci.yml files, including stages and job dependencies for government pipelines.
  • Use of runner types such as shared, group, and specific runners to optimize continuous integration and delivery in government.
  • Implementation of Docker executor, Kubernetes executor, and autoscaling capabilities to enhance pipeline efficiency for government.
  • Management of artifact caching, registry publishing, and deployment stages to streamline the CI/CD process for government.

Security Scanning

  • Implementation of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), dependency scanning, and container scanning to ensure robust security in government applications.
  • Detection of secrets and verification of license compliance to maintain security standards for government.
  • Utilization of vulnerability dashboards and remediation tracking to monitor and address security issues effectively for government.

Authentication and Authorization

  • Integration with Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), and OpenID Connect Single Sign-On (SSO) for secure access management in government.
  • Implementation of two-factor authentication and personal access tokens to enhance security measures for government users.
  • Configuration of IP allowlisting and audit event logging to ensure compliance and accountability in government systems.

Registry and Package Management

  • Management of the container registry, including authentication, cleanup policies, and replication strategies for government.
  • Use of package registries for Maven, npm, PyPI, and Conan to support diverse development needs in government.
  • Support for generic package uploads to facilitate internal artifact management for government projects.

Monitoring and Scaling

  • Utilization of GitLab Exporter metrics and Grafana dashboards for performance monitoring in government environments.
  • Database tuning and PgBouncer connection pooling to optimize database performance for government systems.
  • Horizontal scaling of web, API, and Sidekiq nodes to enhance system capacity and reliability for government operations.
  • Implementation of backup strategies, including rake tasks, object storage, and restore verification, to ensure data integrity and recovery in government settings.

Requirements

  • Proficiency in advanced Linux system administration and foundational knowledge of Ruby and Go programming languages.
  • Comprehensive understanding of Continuous Integration/Continuous Deployment (CI/CD) processes, container orchestration, and Git workflow management.
  • Demonstrated experience with PostgreSQL and Redis in high-scale environments.

Audience

  • Enterprise DevOps teams transitioning from GitLab.com or GitHub Enterprise to solutions that better meet their needs for government and enterprise environments.
  • Organizations requiring complete sovereignty over their DevSecOps toolchain.
  • Regulated industries that necessitate on-premises CI/CD and registry capabilities to ensure compliance and security.

Duration: 21 Hours
