How we boosted WebAuthn adoption from 20 percent to 93 percent in two days
In light of the high-profile phishing campaigns that breached public technology companies (e.g. Twilio, Uber, Dropbox, and others), GitLab decided to accelerate the implementation of the next phase of our security hygiene program, which would further enhance our security posture. As part of this acceleration, GitLab’s IT and Security teams recommended a swift adoption of phishing-resistant authentication across the entire company.

GitLab Patch Release: 15.5.3
Today we are releasing version 15.5.3 for GitLab Community Edition and Enterprise Edition.

How to use Git rebase in real life
My colleague Chris recently wrote about how to take advantage of Git

Top challenges to securing the software supply chain
Organizations are feeling the pressure to integrate security into their software development lifecycles, and federal and industry mandates mean the days of security as a “nice to have” are officially over. Understanding the threats that can emerge across the entire software supply chain is integral to this effort. But assembling a complete DevSecOps strategy that governs how code, applications, and infrastructure are protected across the software supply chain is no easy feat.

Cadence is everything: 10x engineering organizations for 10x engineers
I confess: Although I don’t believe in Bigfoot or Nessie and do believe the moon landings happened, I am convinced that despite the current orthodoxies, 10x engineers very much exist and are a major positive force for the industry, and potentially your organization. If you can find one, convince her to work for you and keep her happy and productive (but I repeat myself).

GitLab Security Release: 15.5.2, 15.4.4, and 15.3.5
Today we are releasing versions 15.5.2, 15.4.4, and 15.3.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).

New OpenSSL 3.0 vulnerabilities: What you need to know to find and fix them
The OpenSSL Project announced two vulnerabilities found in OpenSSL 3.0-3.0.6 (first released in September 2021). CVE-2022-3786 and CVE-2022-3602 both relate to X.509 email address buffer overflows and require users to upgrade to OpenSSL 3.0.7, which includes patches for the vulnerabilities, which were downgraded from “critical” to “high.”

A snapshot of modern DevOps practices today
At almost 15 years old, DevOps has been around long enough to settle in and take shape at organizations around the world. But what do “modern” DevOps practices look like today, and how are they likely to change? Three market research firms gave us their take on the current generation of DevOps, and what’s coming next.

The ultimate guide to SBOMs
Modern software development is marked by a commitment to application security – not just for code developed in-house, but for the entirety of the software supply chain. However, which upstream dependencies are included in software and the reasons why they are required can be difficult to determine. A software bill of materials, or SBOM, sheds light on an application’s contents and code origins, and, when paired with vulnerability management tools, can help identify vulnerabilities and highlight risk for subsequent mitigation. This guide will explain what SBOMs are, their importance in a multi-faceted DevSecOps strategy, their relationship to vulnerability management, and how to assess and improve an application’s SBOM health.

GitLab.com CI artifacts to use Google Cloud CDN
Over the next month and going forward, requests for GitLab CI artifacts downloads may be redirected

Why DevOps collaboration continues to be important
It’s tempting to think the concept of DevOps collaboration is something no one needs to talk about anymore. After all, the methodology has been around for nearly 15 years, is in widespread use, and has clearly proven to be successful at getting safer software out the door faster. Haven’t we figured out DevOps collaboration by now?

GitLab Patch Release: 15.5.1
Today we are releasing version 15.5.1 for GitLab Community Edition and Enterprise Edition.

Why the market is moving to a platform approach to DevSecOps
The market is moving to a platform approach to DevSecOps. What had previously been a process that let different engineering teams adopt their own tools for different stages of the software development lifecycle – what we call “DIY DevOps” – is being replaced by a method that leverages a single application.

How to publish your Astro Site with GitLab Pages
Astro is an amazing new framework to create content-focused static sites and GitLab Pages is a great way to deploy a site built with Astro. Here's a step-by-step guide on how to build and deploy an Astro Site with GitLab Pages.

GitLab 15.5 released with GitLab Cloud Seed and Autocomplete suggestions
Today, we are excited to announce the release of GitLab 15.5 with GitLab Cloud Seed, Autocomplete suggestions in the Content Editor, Error Tracking Open Beta, Operational Container Scanning and much more!

GitLab and Oracle partner for a cloud native approach to modern application development
Modern application development requires a cloud native platform that can operate in and across multiple cloud providers. GitLab has partnered with Oracle to enable customers to run GitLab’s DevOps platform on Oracle Cloud Infrastructure (OCI).

How modern DevOps practices are changing the operations role
Remember NoOps, the idea that automation would eliminate the operations role completely? Fast forward a few years and the idea of NoOps today seems almost laughable. In today’s modern DevOps teams it’s safe to say it’s really “AlltheOps,” at least based on the results of our 2022 Global DevSecOps Survey.

Introducing browser-based DAST and integrated passive checks
The DAST and Vulnerability Research teams at GitLab are excited to announce we have fully integrated passive checks into our new browser-based DAST analyzer. Passive checks work by monitoring the network traffic to target applications while the web site is automatically crawled. This allows us to identify weaknesses that may exist without sending potentially disruptive network requests. This continues our effort to fully switch over to our browser-based analyzer for DAST in the coming months. If you are interested in using our new DAST analyzer please see our documentation on how to configure a browser-based DAST scan.

GitLab Patch Release: 15.4.3
Today we are releasing version 15.4.3 for GitLab Community Edition and Enterprise Edition.