DEVOPSdigest

GitLab is releasing 13.0 of its DevSecOps platform to enable organizations to efficiently adapt and respond to new and dynamic business challenges.

With the 13.0 release, GitLab is adding new development, planning, analytics, operations and security-focused features - such as epic hierarchy on roadmaps, design collaboration, and vulnerability management - to help organizations identify bottlenecks and waste, break down functional silos and focus on delivering business value without sacrificing security or compliance. Also with this release, Gitaly Clusters will become generally available to ensure that Git repository storage has a warm replica ready to take over if an outage occurs while Auto DevOps has been extended to simplify deployment to Amazon Web Services (AWS).

“Drawing from years of expertise, GitLab runs the world's largest all-remote DevOps software company. Our customers often wonder how we continually iterate on new changes, features and capabilities to quickly make improvements to the product on a monthly basis. The answer is simple - we use GitLab,” said Scott Williamson, EVP of Product at GitLab. “The 13.0 release is a key milestone in providing our customers with a more mature end-to-end DevSecOps solution that efficiently and confidently responds to today’s unique business challenges.”

With the 13.0 release and beyond, GitLab continues to expand its complete open core DevOps platform including source code management (SCM) and continuous integration (CI), delivered as a single application, to help organizations better achieve business agility, rapid collaboration, and security and compliance. Together with its ever-growing community of channel and technology partners, GitLab is helping organizations everywhere improve their resilience, responsiveness and product velocity.

As many businesses strive to be more responsive and efficient, GitLab helps streamline existing software development processes to bring siloed teams together into a unified DevSecOps platform. Key focus areas and development features include:

- Value Stream Management: Helps users quickly identify bottlenecks and waste. Value Stream Analytics now supports customization, allowing organizations to tailor the feature to their specific workflow. Soon, the ability to visually depict Value Stream Analytics stages as a flow will also simplify this effort.

- Requirements Management: Released in 12.10, GitLab now allows users to create and manage specified requirements for a user’s applications. GitLab will continue to evolve these capabilities with added traceability between requirements, creating a seamless workflow to visually demonstrate completeness and compliance.

- Release Management: Gives users a seamless workflow for managing their software releases including visual queues for release managers to ensure completeness and traceability of all artifacts to ensure compliance.

- Feature Flags: Allows users to harness the cycle-time compression of progressive delivery by dynamically toggling certain functionalities to test desired impact. Upcoming releases will enable A/B testing based on Feature Flags along with the ability to create feature flags from merge requests and to filter feature flags by status.

A shared view of software from development through production can unite a team's efforts toward common business goals and achievements. GitLab builds upon existing capabilities that help with collaborative development, reporting and organizing and managing work via epics, milestones and more. New and upcoming collaboration and reporting features include:

- Dashboards: The Operations dashboard is more customizable allowing multiple variables and security dashboards are now exportable for collaboration beyond GitLab users. Future releases will add Kubernetes Clusters to the dashboard to show, at a glance, all clusters and pods in use.

- Infrastructure as Code: GitLab’s best-of-breed Source Control and CI capabilities have attracted operations teams utilizing Infrastructure as Code practices to Gitlab. GitLab provides more native experiences for Kubernetes and HashiCorp Terraform but will continue to evolve first-class experiences for defining infrastructure right alongside code.

- Design Management: GitLab moved design management to core recognizing users who are designing products as individual contributors.

- Alert and Incident Management: Allows DevOps organizations to truly embrace collaboration between development and operations teams by routing their existing monitoring alerts to GitLab for alert triage and incident resolution with all the rich context from development activities.

Shifting security left by embedding application security testing within CI can help businesses embrace security and compliance controls end-to-end in the software development lifecycle. This also helps reduce risk while freeing up resources to focus on critical business needs. GitLab offers static application security testing (SAST), secrets detection, dynamic application security testing (DAST), dependency scanning, container scanning, and license compliance scanning, all included in GitLab’s continuous integration/continuous delivery (CI/CD) platform within GitLab’s Ultimate/Gold tier offering. New and upcoming security and compliance features include:

- Standalone Vulnerabilities: Rearchitects the way we manage vulnerabilities to unlock even more robust future capabilities to help users prioritize and manage vulnerabilities and their associated risk.

- Responsible Disclosure: By becoming a Common Vulnerabilities and Exposures (CVE) ID Numbering Authority (CNA), GitLab users can request a CVE from GitLab, either for GitLab itself or for any project hosted on GtLab.com. In the future, CVE IDs will be able to be requested directly from within the GitLab UI.

- Security Scanning: To broaden the appeal to even more users, 13.0 offers SAST for .NET Framework and expands support for offline environments initially introduced in 12.10, along with DAST scans for REST APIs, and full commit history scan for secrets for even greater detection. Also, fuzz testing support will be introduced later this year.

- Container Network Security: A minimal viable change (MVC) for the integration of cloud-native security solutions for container behavior analytics provides visibility and protection into a user’s kubernetes environment. The addition of an out-of-the-box network policy set is planned for an upcoming release.

- Compliance Management: Allows users to automate the ability to establish a compliance framework, adopt its regulatory controls, and simplify audit reporting. Along with this, we are working on an initial security policy user interface to simplify security guardrails.

- Secrets Management: Builds upon prior integration work and will soon give users the ability to secure secrets across services.

- Okta: When Okta SCIM (System for Cross-domain Identity Management) is provisioned for a GitLab group, membership of that group is now synchronized between GitLab and Okta reducing administrator time.

With the expansion of the GitLab Partner Program announced in April, GitLab is in a position where its technology and channel partnerships add complementary value around the GitLab product and joint customers’ ability to respond to the ever changing environment. Integrations with the major cloud providers, technology partners and channel partners’ service offerings enhance GitLab’s collective offerings to joint customers. Bringing this together, enables customers to be more responsive and resilient at a holistic level.

GitLab 13.0 release is available now.