How we diagnosed and resolved Redis latency spikes with BPF and other tools
If you enjoy performance engineering and peeling back abstraction layers to ask underlying subsystems to explain themselves, this article’s for you. The context is a chronic Redis latency problem, and you are about to tour a practical example of using BPF and profiling tools in concert with standard metrics to reveal unintuitive behaviors of a complex system.
GitLab 15.6 released with improvements to security policies, CI/CD variables, and DAST API
Today, we are excited to announce the release of GitLab 15.6 with
How to publish a Remix app to the edge with GitLab and Cloudflare
Remix has had a significant impact in the frontend space.
How GitLab can eliminate the massive value stream friction of developer environment provisioning and cleanup
A strong DevOps value stream drives developer empowerment as far left as possible. In GitLab, this is embodied in per-feature branch merge requests that are rich with automated code quality and defect information, including not only findings but also automated remediation capabilities and collaboration. Some defects and code quality issues can only be found by analyzing a running copy of the application, including DAST, IAST, fuzzing and many others. GitLab has built a fully automated, seamless developer environment lifecycle management approach right into the developer experience. In fact, it’s so seamlessly built-in, it can be easy to overlook how critical developer environment lifecycle management is. This article will highlight why and how GitLab adds value using developer environment automation. In addition, while GitLab provides out of the box developer environment lifecycle management for Kubernetes, this article demonstrates an approach and a working example of how to extend that capability to other common cloud-based application framework PaaS offerings.
How is AI/ML changing DevOps?
The last few years have seen an explosion in artificial intelligence, machine learning, and other types of projects. Companies like Hugging Face and applications like DALL-E 2 have brought to the mainstream what the power of AI/ML can bring to the next generation of computing and software. As every company has become a software company over the last few decades, the ability to innovate and leverage the ever-growing amount of data that organizations have access to has become where enterprises turn to compete.
Simple Kubernetes management with GitLab
Kubernetes can be very complex and has dozens of tutorials out there on how to provision and manage a cluster. This tutorial aims to provide a simple, lightweight solution to provision a Kubernetes cluster and manage it with infrastructure as code (IaC) using Terraform and Helm in 20 minutes or less.
GitLab Patch Release: 15.4.5
Today we are releasing version 15.4.5 for GitLab Community Edition and Enterprise Edition.
GitLab names Joel Krooswyk as its first Federal CTO
GitLab Federal, LLC, provider of The One DevOps Platform for the public sector, announced that Joel Krooswyk, former Senior Manager of Solutions Architecture, has been named Federal CTO.
GitLab Patch Release: 15.5.4
Today we are releasing version 15.5.4 for GitLab Community Edition and Enterprise Edition.
How we boosted WebAuthn adoption from 20 percent to 93 percent in two days
In light of the high-profile phishing campaigns that breached public technology companies (e.g. Twilio, Uber, Dropbox, and others), GitLab decided to accelerate the implementation of the next phase of our security hygiene program, which would further enhance our security posture. As part of this acceleration, GitLab’s IT and Security teams recommended a swift adoption of phishing-resistant authentication across the entire company.
How to use Git rebase in real life
My colleague Chris recently wrote about how to take advantage of Git
GitLab Patch Release: 15.5.3
Today we are releasing version 15.5.3 for GitLab Community Edition and Enterprise Edition.
Top challenges to securing the software supply chain
Organizations are feeling the pressure to integrate security into their software development lifecycles, and federal and industry mandates mean the days of security as a “nice to have” are officially over. Understanding the threats that can emerge across the entire software supply chain is integral to this effort. But assembling a complete DevSecOps strategy that governs how code, applications, and infrastructure are protected across the software supply chain is no easy feat.
Cadence is everything: 10x engineering organizations for 10x engineers
I confess: Although I don’t believe in Bigfoot or Nessie and do believe the moon landings happened, I am convinced that despite the current orthodoxies, 10x engineers very much exist and are a major positive force for the industry, and potentially your organization. If you can find one, convince her to work for you and keep her happy and productive (but I repeat myself).
GitLab Security Release: 15.5.2, 15.4.4, and 15.3.5
Today we are releasing versions 15.5.2, 15.4.4, and 15.3.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).
New OpenSSL 3.0 vulnerabilities: What you need to know to find and fix them
The OpenSSL Project announced two vulnerabilities found in OpenSSL 3.0-3.0.6 (first released in September 2021). CVE-2022-3786 and CVE-2022-3602 both relate to X.509 email address buffer overflows and require users to upgrade to OpenSSL 3.0.7, which includes patches for the vulnerabilities, which were downgraded from “critical” to “high.”
A snapshot of modern DevOps practices today
At almost 15 years old, DevOps has been around long enough to settle in and take shape at organizations around the world. But what do “modern” DevOps practices look like today, and how are they likely to change? Three market research firms gave us their take on the current generation of DevOps, and what’s coming next.
GitLab.com CI artifacts to use Google Cloud CDN
Over the next month and going forward, requests for GitLab CI artifacts downloads may be redirected
The ultimate guide to SBOMs
Modern software development is marked by a commitment to application security – not just for code developed in-house, but for the entirety of the software supply chain. However, which upstream dependencies are included in software and the reasons why they are required can be difficult to determine. A software bill of materials, or SBOM, sheds light on an application’s contents and code origins, and, when paired with vulnerability management tools, can help identify vulnerabilities and highlight risk for subsequent mitigation. This guide will explain what SBOMs are, their importance in a multi-faceted DevSecOps strategy, their relationship to vulnerability management, and how to assess and improve an application’s SBOM health.