GitLab is comparable to the better-known GitHub, but has a number of subtle differences. It is an environment for managing Git repositories on-premises, released under the MIT Expat license and developed in Ruby on Rails. It is available in two versions: the free-to-use Community Edition and a paid Enterprise Edition with more features aimed at large companies. The two flavors are set out on this page. The development team has released GitLab 11.9, and the release notes for this release can be found below.
Quickly learn if secrets have been leaked
Inadvertently committing credentials to a shared repository can have serious consequences, yet it is a simple mistake to make. Once an attacker gets your password or API key, they can take over your account, lock you out, and fraudulently spend money. This can even lead to a domino effect where access to one account grants access to others. With the stakes so high, it’s of paramount importance to learn as quickly as possible if secrets have been leaked.
With this release, we’re introducing secret detection as part of our SAST functionality. Each commit is scanned by a CI/CD job to ensure it doesn’t contain secrets. If the scan detects secrets, the developer is alerted in the merge request, allowing them to take action quickly to invalidate the leaked credentials and generate new ones.
Enforce proper change management
As an organization grows and becomes more complex, it becomes difficult to keep alignment across different parts of the organization. At the same time, the consequences of merging improper or insecure code also increase when an application has more users and generates more revenue. For many organizations, ensuring a proper review process is followed before code is merged is a hard requirement because the risks of not doing so are so great.
With GitLab 11.9, we’re providing greater controls and more structure with Merge request approval rules. Previously, you could specify either an individual or a group for required approval (where any single member of the group can provide approval). Now, multiple rules can be added to a merge request to require individual approvers specifically, or even require a number of approvers from a particular group. Additionally, the Code Owners feature is an integrated part of approval rules, making it easy to track down who should approve.
This allows organizations to implement complex approval flows, all while maintaining the simplicity of GitLab’s single application where issues, code, pipelines, and monitoring data are visible and accessible to inform decisions and speed approval.
ChatOps is now open source
GitLab ChatOps is a powerful automation tool, allowing you to execute any CI/CD job and receive the status of the job directly from chat apps like Slack and Mattermost. Originally released in GitLab 10.6, ChatOps was part of the GitLab Ultimate tier. As part of our product strategy and commitment to open source, we occasionally move features down in tier and never move them up.
With ChatOps, we felt this was functionality that everyone could benefit from and that the feature itself could benefit from community contributions.
In GitLab 11.9, we’ve open sourced ChatOps so it is available to use in GitLab self-managed Core and GitLab.com Free, and is open for community contributions.
And much more!
So many great features are available in this release like Auditing for feature flags, Vulnerability remediation merge request, and CI/CD templates for security jobs that you’ll want to read on to learn about them all!