GitLab’s 2023 predictions: What’s next for DevSecOps?
In 2023, organizations will focus their time and resources on the continued shift left of security, completing the evolution from DevOps to DevSecOps. GitLab Chief Marketing and Strategy Officer Ashley Kramer says that every company will need to have security tightly integrated into DevOps to combat the increased threats throughout the software development lifecycle. In addition, DevSecOps teams will have to continue to focus on supply chain security, make optimal use of artificial intelligence and machine learning, and expand their use of value stream analytics. GitLab leaders from across disciplines share these predictions and more about how the industry will change this year.
4 approaches to GitLab integrations
The benefit of a DevSecOps platform is to create a foundation upon which an organization can build its entire development process. Rather than having to log onto several different systems to manage, observe, and advance through the software development lifecycle, DevSecOps teams have one application to serve as their system of record. To augment the platform and create even more business value, organizations can create integrations with third-party software and systems, while still maintaining a unified experience for stakeholders, developers, and operators.
Git security audit: Inside the hunt for - and discovery of - CVEs
Keeping a secure development environment is my daily focus here at GitLab. My team and I are committed to hunting for vulnerabilities and mitigating them before they impact others. I feel equally enthusiastic about helping the development community identify potential risk. So when I had the opportunity to join an open-source security audit of Git, funded by the Open Source Technology Improvement Fund (OSTIF), I jumped at it. Little did I know it would lead to the discovery of CVE-2022-41903.
The GitLab Quarterly: How our latest beta releases support developers
It’s easy to say that 2023 will be the year of innovation, but with the macroeconomic environment requiring an obsessive eye on cost efficiencies, and in some cases, cost-cutting, exactly how are organizations supposed to stay competitive when it comes to software development and delivery? The answer is clear: Stay focused on supporting your developers. Our two new beta releases help you do just that.
GitLab 15.8 released with external status checks and self-managed SCIM
Today, we are excited to announce the release of GitLab 15.8 with block merges unless external status checks pass, SCIM support for self-managed GitLab, view estimated queuing for runners in the admin area, migrate GitLab projects by direct transfer beta, and much more!
GitLab project migration and automation - a perfect pair for faster, easier transfers
Since Version 14.3, GitLab has supported migrating GitLab groups by direct transfer, where, rather than manually uploading export files, data is transferred directly from the source instance to the destination instance. We have been working to extend this functionality to projects and are including the ability to migrate projects by direct transfer as a beta in GitLab 15.8.
GitLab Support changes enable faster response times, tighter controls for customers
Starting on February 1, 2023, only contacts who have been prelisted as a support contact through their company representative will be able to open tickets with GitLab Support. This change gives customers tighter control of support contacts for security and management purposes, and ensures that GitLab Support will be able to triage requests as quickly as possible.
DevSecOps platforms help SMBs scale as they grow
For startups and small to medium-sized businesses (SMBs) working to expand their customer base, revenue, and standing in their industries, adopting a DevSecOps platform is one move that can help make all of that growth happen.
GitLab Critical Security Release: 15.7.5, 15.6.6, and 15.5.9
Today we are releasing versions 15.7.5, 15.6.6, and 15.5.9 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Get to know the new GitLab typefaces
We take the choice of typefaces very seriously around here. And, in the spirit of transparency, a GitLab core value, we like to share our rationale for typeface changes. This blog introduces you to the new default typefaces in GitLab – GitLab Sans (Inter) and JetBrains Mono – and explores in detail why we chose them and how they will improve the user experience.
Self-managed support extended to GitLab for Jira App
Developing fast feedback loops is a core tenet of DevOps and is critical to the communication required between planning functions and engineering teams. GitLab provides many integrated features for Agile Planning within the DevSecOps Platform, but we understand the importance of supporting tools used within the broader DevOps ecosystem. This is why we’ve partnered with Atlassian to provide additional (and more straightforward) support between GitLab and Atlassian Jira, via the GitLab for Jira app.
GitLab Patch Release: 15.7.3
Today we are releasing version 15.7.3 for GitLab Community Edition and Enterprise Edition.
Monitor your web attack surface with GitLab CI/CD and GitLab Pages
DISCLAIMER: We believe that understanding the tactics and techniques of both attackers and defenders is key to keeping our organization secure. It's important to note that GitLab security blog posts are for informational purposes only, not to provide specific security advice.
DevSecOps platforms give SMBs security muscle
DevOps professionals with both security training and experience come at a high price and can be hard to find. That makes it especially difficult for startups and small and medium-sized businesses (SMBs), which generally don’t have deep pockets, to get the security professionals they need.
Visual guide to incident metrics
Incident metrics are a set of standard, quantifiable measurements used to track the incident response process. Accurately tracking these metrics will help DevSecOps teams understand how they are performing and whether responses to unplanned outages are getting better or worse. Decreasing the time to detect, respond, mitigate, and recover from an incident decreases the impact of an incident on customers as well as the cost of the incident to the business overall.
GitLab Security Release: 15.7.2, 15.6.4, and 15.5.7
Today we are releasing versions 15.7.2, 15.6.4, and 15.5.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
GitLab Patch Release: 15.7.1
Today we are releasing version 15.7.1 for GitLab Community Edition and Enterprise Edition.
Vestiaire Collective VP shares wins, insights, and what's next with DevSecOps migration
Vestiaire Collective, an online marketplace for second-hand clothing and luxury items, needed a faster and easier-to-use solution for code reviews and running pipelines. In 2018, the company migrated its codebase to GitLab for its speed and flexibility in setting up custom workflows and pipelines for releases. Since making the move, Vestiaire Collective has taken advantage of GitLab’s integrations with other tools — including Jenkins for CI/CD, Jira for issue management, and Nexus artifact storage — to improve productivity and simplify complex toolchains. We talked to Sardorbek Pulatov, vice president of engineering at Vestiaire Collective, about what his team has been able to achieve with the GitLab DevSecOps Platform and the lessons learned along the way.
Secret Detection update: Leaked Personal Access Tokens will soon be revoked
GitLab will soon begin automatically revoking Personal Access Tokens (PATs) when GitLab Secret Detection finds them in public repositories, an update that will better protect GitLab users and organizations.
DRY development: A cheatsheet on reusability throughout GitLab
More than 20 years ago, the book The Pragmatic Programmer brought attention to the DRY principle, or “Don’t Repeat Yourself.” This principle states that every piece of knowledge must have a single, unambiguous, authoritative representation within a system.