GitLab 11.9 seeks for secrets, looks for approvals

Gitlab Logo
Gitlab Logo

GitLab has tightened up on secrets management and approval processes in its latest monthly release.

Top of the list of changes in v11.9 is Secret Detection, to prevent secrets and credentials being inadvertently committed to remote repositories, and put in danger of exposure. The secret detection feature means that repo contents are scanned for API keys and any other info that shouldn’t be there, so that they can be revoked.

The results are shown in GitLab’s SAST reports, and the feature is automatically enabled for users who have SAST or GitLab’s Auto DevOps configuration enabled.

The other big change is tighter enforcement of merge request approval rules to enforce “proper change management”. Previously, there were two options for approvals – an individual or a group, with any single member of the group being able to approve a request. Now multiple rules can be added, for example to require specific approvers, or a number of approvers. This should allow more complect approval flows, GitLab said.

No doubt those approvers might want to chat to one another and trigger jobs from Slack or Mattermost, so it might be helpful that GitLab has opensourced its ChatOps tool, and made it available in its Core and GitLab free editions. It was previously available in the GitLab Ultimate tier.

Meanwhile, sticking with ChatOps, the company is dropping its integration for HipChat, the defunct chatops platform which Atlassian handed over to Slack last year.

Other additions, in a similar vein, include being able to required merge request approvals by code owners, and filtering merge request lists by assigned approvers.

Meanwhile, Serverless fans get a “greatly simplified” serverless gitlab.yml template, which will mean new functionality can be added in future, without having to change this file.

Another security related change comes in the extension of GitLab’s SAST to include TypeScript. This follows the extension of SAST to Javascript last month.

The release coincides with the release of GitLab Runner 11.9, which sees alpine images updated to v3.9 and docker api updated to v1.25.