
GitLab 14.3, first proprietary SAST engine, adds flexibility to the pipeline • DEVCLASS


GitLab’s monthly update is here. Version 14.3 of the DevOps platform adds a few things to make pipelines more flexible, while its security and access-management improvements are aimed at those willing to pay for the platform.

Organizations on the Ultimate subscription, for example, can now manage secret detection scans and dynamic application security testing (DAST) through runtime policies, which makes the scans independent of the contents of the .gitlab-ci.yml configuration file. GitLab 14.3 is also the first release to use the company’s new proprietary Static Application Security Testing (SAST) engine, as part of the Ultimate offering.

According to the release blog post, the engine is intended to “eliminate vulnerabilities that may have been falsely reported by other embedded security tools” through the use of different program representations and a “new pattern extraction language”. Long-term goals for the tool include tighter integration of security testing into the software development lifecycle and improvements to various types of testing.

To make setups scale better, Ultimate and Premium customers can now allow agents to be shared across multiple groups. Teams no longer need to register an agent for every project in an authorized group, since all of them can automatically use the same agent for cluster access. Other enhancements available to paid subscribers include group-level permissions for protected environments and additional audit-event logging when protected branch settings or merge request approvals are changed.

Regardless of tier, GitLab 14.3 also brings more flexibility to CI/CD pipelines. The include keyword, used to pull external configuration into a pipeline, can now be combined with rules conditions, letting teams define when a YAML file should be included. Once defined, rules can be reused across jobs via the !reference keyword. Another change meant to make writing pipelines a bit easier is the ability to use variables inside other variables, and there is now an option to filter pipelines by source for a better overview.
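To illustrate how the two pipeline features fit together, here is an added .gitlab-ci.yml fragment (it is not from the release post or the DEVCLASS article) that gates GitLab’s SAST and secret-detection templates behind an include rule and reuses the same rule set in a job via !reference; the hidden job name, the check-no-keys job and its script are assumptions for illustration.

```yaml
# Added example, not from the GitLab release post. Job names and the
# grep-based check are illustrative assumptions.

# Only pull in the SAST and secret-detection templates on the default
# branch and in merge request pipelines. The include:rules condition is
# evaluated before the rest of the YAML, so on other pushes the scanner
# jobs never exist rather than being skipped one by one.
include:
  - template: Security/SAST.gitlab-ci.yml
    rules:
      - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  - template: Security/Secret-Detection.gitlab-ci.yml
    rules:
      - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      - if: $CI_PIPELINE_SOURCE == "merge_request_event"

# Hidden job holding the gating rule set once, so jobs that must run
# under the same condition reference it instead of copying it.
.security-gate-rules:
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

# Hypothetical job: fail the pipeline if anything that looks like PEM
# private key material has been committed. It reuses the rule set
# above through !reference, so the condition is maintained in one place.
check-no-keys:
  stage: test
  image: alpine:3.14
  script:
    - |
      if grep -rl "PRIVATE KEY-----" . --exclude-dir=.git; then
        echo "private key material found in the repository" >&2
        exit 1
      fi
  rules:
    - !reference [.security-gate-rules, rules]
```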

Teams using GitLab’s dependency proxy have gained the ability to retrieve details about cached container images through a GraphQL API introduced as part of the release. Details on other additions, ranging from Kubernetes 1.20 support to user GPG key views and a media preview in the Wiki editor, can be found in the release post.

GitLab Runner, the component that helps GitLab CI/CD run jobs in a pipeline, also got an update and now includes a feature flag for the shell executor to clean up artifacts in the build directory. It also no longer treats every kind of Docker image pull failure as a runner system failure, but distinguishes between system errors and script errors.

The new version comes just days after the company filed for an initial public offering, which had already been expected in 2020 but was postponed – presumably for pandemic reasons.

