BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News GitLab 11.9 Released with Automated Secrets Detection

GitLab 11.9 Released with Automated Secrets Detection

GitLab 11.9 has been released with automated secrets detection and additional merge request approval rulesets. GitLab is a software development lifecycle support tool, providing project planning, source code management, and CI/CD capabilities.

Secret detection is now included as part of GitLab’s Static Analysis Security Testing (SAST) functionality. Each commit is scanned during CI to check for inclusion of secrets, such as API keys. If found, the developer is automatically notified in their merge request. The results of the scans are also presented in the SAST reports in the security dashboard. This functionality is enabled on any application that has SAST enabled. It is also included in the Auto DevOps default configuration.

GitLab UI showing detection of secrets in a merge request (credit: GitLab)

Also included in this release are improved merge request approval rulesets. Previously it was possible to specify either an individual or a group for required approval. With this release, it is possible to add multiple rules to a merge request, which allows a user to require specific individual approvals or any number of approvals from a particular group. Code owners, introduced in GitLab 11.3, are integrated into approval rules as well. As well, GitLab now supports requiring merge request approvals from code owners based on which files changed. Note that at the time of writing, this feature is disabled due to a regression.

With this release, the ChatOps functionality has been moved into the Open Source edition; previously it was only available as part of the Ultimate tier. This allows you to execute jobs and receive status updates directly in supported chat applications. Currently Slack and Mattermost are supported.

Building upon the remediation patch file feature released in 11.7, GitLab can now detect vulnerabilities and suggest possible remediations. Through the web interface you can create a merge request from the vulnerabilities details window, validate the fix addresses the problem, and merge into master. This functionality is currently able to scan for vulnerabilities from the yarn package manager.

Starting with GitLab 11.9, built-in templates for all security jobs, such as sast and dependency_scanning, will be included. These templates will be compatible with the GitLab version they ship with. By including these built-in templates into configurations, they will update automatically with upgrades to new versions of GitLab. Note that this method of defining security jobs now deprecates all other means of defining jobs. GitLab recommends updating to the new template keyword as support for other syntax may be removed as early as GitLab 12.0.

This release also includes a number of minor feature improvements including:

  • Container scanning results are now presented in the group security dashboard
  • Now able to reply to any comment and create a threaded discussion
  • Project templates for .NET, Go, iOS, and GitLab Pages are now included
  • The Web IDE now supports moving files and directories
  • Labels in merge requests, epics, and issues are now alphabetically sorted
  • Automated validation that Kubernetes CA certificates are entered as a valid PEM format
  • Can now edit the Knative domain after deployment to a Kubernetes cluster
  • Child epics have been enhanced to support reordering via drag and drop

For more details and additional features included in this release, please review the official announcement on the GitLab blog. GitLab can be trialed as a SaaS-hosted or self-managed solution.

Rate this Article

Adoption
Style

BT