Open-source repository management system GitLab has reached v11.7 and includes improvements in terms of performance, security, integration, and workflow automation.
One of the most interesting new features has to be Release, which lets users create snapshots of the source, links, and other artifacts belonging to one version of their code. These can then be viewed on a summary page, making it easier for everyone to find the latest project version.
Security is one of the focal topics of the v.11.7 release, which offers users the ability to configure secrets for Kubernetes apps as environment variables to reduce the risk of exposure for example. Speaking of Kubernetes, new clusters will now default to RBAC mode to secure new infrastructure elements, and actions such as listing, adding, and deleting clusters are accessible via an API. The latter should facilitate integration into automatic workflows.
If a commit isn’t supposed to start the CI/CD pipeline, the new version allows skipping a run without changes to the commit message. Creating a pipeline has also gotten a bit easier, since v1.17 allows including configuration snippets from other projects or templates – before only files in the same project repo or those fetched via HTTP were an option. Teams only starting with GitLab now got an option to import issues from CSV files.
With the release of v.11.7, subscribers to the premium and ultimate/silver and gold GitLab packages get a way to share and version control npm packages through a built-in npm registry. To improve clarity, they are now also able to expand cross-project pipelines directly from the pipeline view.
Additions reserved for ultimate/gold users include a function to download patch files to fix vulnerabilities GitLab has detected and apply them to the repository via git apply. Once changes are pushed back into the repo, the security dashboard will then indicate whether the application in question is still exposed in some way.
To let ultimate/gold users stay on top of their security issues, the GitLab team also implemented filters to sort vulnerabilities by severity, report type, and project name, and added findings of the dependency scanning to group security dashboards. Another ultimate/gold-only feature is so-called multi-level child epics, which allow users to include issues as well as epics in their epics giving more structure to long-term planning.
Those making use of a self-managed version of GitLab are now able to receive emails from the system if they use Microsoft Exchange or Google Groups configured as an email server. Since both don’t support sub-addressing, this wasn’t an option before, but v11.7 should be able to work with catch-all email mailboxes, opening the world of creating issues via email, and commenting via replying to a wider user base.
Additional changes only accessible to paying users include a search filter for issue boards, stricter restrictions for code reviews, preventing those who committed changes to a merge request from approving. A full list of improvements can be found in the release statement.
GitLab can be seen as an open source alternative to GitHub, offering free as well as commercial versions with additional functionality.