GitLab 11.9 seeks for secrets, looks for approvals

By Team Devclass
-
GitLab 11.9 seeks for secrets, looks for approvals
Gitlab Logo

GitLab has tightened up on secrets management and approval processes in its latest monthly release.

Top of the list of changes in v11.9 is Secret Detection, to prevent secrets and credentials being inadvertently committed to remote repositories, and put in danger of exposure. The secret detection feature means that repo contents are scanned for API keys and any other info that shouldn’t be there, so that they can be revoked.

The results are shown in GitLab’s SAST reports, and the feature is automatically enabled for users who have SAST or GitLab’s Auto DevOps configuration enabled.

The other big change is tighter enforcement of merge request approval rules to enforce “proper change management”. Previously, there were two options for approvals – an individual or a group, with any single member of the group being able to approve a request. Now multiple rules can be added, for example to require specific approvers, or a number of approvers. This should allow more complect approval flows, GitLab said.

No doubt those approvers might want to chat to one another and trigger jobs from Slack or Mattermost, so it might be helpful that GitLab has opensourced its ChatOps tool, and made it available in its Core and GitLab free editions. It was previously available in the GitLab Ultimate tier.

Meanwhile, sticking with ChatOps, the company is dropping its integration for HipChat, the defunct chatops platform which Atlassian handed over to Slack last year.

Other additions, in a similar vein, include being able to required merge request approvals by code owners, and filtering merge request lists by assigned approvers.

Meanwhile, Serverless fans get a “greatly simplified” serverless gitlab.yml template, which will mean new functionality can be added in future, without having to change this file.

Another security related change comes in the extension of GitLab’s SAST to include TypeScript. This follows the extension of SAST to Javascript last month.

The release coincides with the release of GitLab Runner 11.9, which sees alpine images updated to v3.9 and docker api updated to v1.25.

AWS combines "building block" blueprints with CodeCatalyst for rapid project creation including DevO...
Cloudflare updates Workers platform with Python support, event notifications, and improved local dev...
Podman 5.0 released with native Mac hypervisor support, new features and breaking changes
GitHub autofix progresses to public beta: insecure code corrected with AI, but only for enterprise
From Docker to Dagger: Solomon Hykes on modernisation of the DevOps pipeline
Docker introduces Build Cloud for accelerated local development
Spotlight on GitHub self-hosted runners again as researcher demonstrates attack on PyTorch code
Google pitches AI developers with Gemini Pro, new tooling, and generous free quota
WebAssembly increasingly used for plug-ins and serverless, but needs better tools
Microsoft-sponsored Radius project aims to mitigate “limitations of Kubernetes”
Security risks of personal access tokens exposed by attacks on GitHub
AWS previews Amplify 6 JavaScript library, hints at CodeWhisperer Enterprise