GitLab 13.0 Improves Security
Friday, 12 June 2020

The latest update to GitLab has been released with improvements to security and new options for collaboration. GitLab is a web-based repository manager for Git that supports concurrent DevOps and issue tracking, with tools for software development, deployment, and project management.

The headline improvements to the new release start with security. The team has added the ability to scan REST APIs via DAST. Dynamic Application Security Testing (DAST) is a security testing method whereby an application is tested from the outside. GitLab's new support means the whole application can be scanned, not just the UI.

The GitLab team says:

"by supporting use of an OpenAPI specification as a guide for what URLs and REST endpoints need to be scanned, DAST helps secure an application’s entire attack surface and provides more insight into the potential vulnerabilities of any running application."

The next improvement to security is the ability to carry out a full commit history scan for secrets. Secret Detection was introduced in GitLab 11.9, and scans the commit history of changes in a merge request. Until now it didn't scan the older Git history; it now does, so you can identify historical secrets that might be hiding in your older commits. The new release also handles vulnerability objects differently, so you can export vulnerabilities from the security dashboard.

The improvements for collaborative development start with the addition of version control for snippets. To manage more complex projects, 13.0 allows you to view the epic hierarchy on your roadmap, view how your epics line up with your various milestones, and add a single or multiple milestones to your releases. You also get alerts if you close an issue with open blockers to "help you focus on critical path items".

Other changes improve GitLab's Gitaly cluster for high-availability Git storage, ensuring there are always multiple warm replicas ready to take over if an outage occurs. There's also now a simple way to deploy to Amazon Web Services Elastic Container Service (ECS) using Auto DevOps.
