GitLab trumpets 12.0, says it’s a DevSecOps platform now

GitLab trumpets 12.0, says it’s a DevSecOps platform now
Gitlab Logo

GitLab is stretching its eponymous CI/CD platform even further with a dollop of DevSecOps, just two years after it declared itself a DevOps platform.

Just ahead of the official launch of GitLab 12.0 this weekend, the vendor said in a statement that the latest version “brings development, security, and operations into a single application”.

It then reeled off a list of security features which have actually been part of the platform for a while, including SAST, DAST, dependency scanning, and container scanning, as well as security dashboards.

It said 12.0 would add Visual Review Tools, a project dependency list, and Merge Trains, while the soon to be appear 12.1, it seems, will add Security Approvals.

It added that “We are rapidly iterating on Auto Remediation to automate vulnerability fixes. Auto Remediation aims to automate vulnerability solution flow, and automatically create a fix.”

That’s the sec side taken care of. What about the ops side? The company chose to point at its earlier addition of feature flags, and an operations dashboard.

It has now promised incident management in 12.1. It describes  incident management as “a collection of features which enable organizations to effectively manage outages and other events that occur while operating a service”.

It seems GitLab’s existing Issue features will form the base for incident management, with Alerts – from Prometheus for example – triggering templates containing key procedures and tools, including collaboration tools such as Slack or Zoom.

Both moves mirror what its rivals in the CI/CD/Dev(Sec)Ops world are doing. Aussie giant Atlassian, building out from its Jira base – bought OpsGenie last year and launched JiraOps.

Meanwhile, GitHub last month bought dependency scanning outfit Dependabot, and is becoming steadily more integrated with parent Microsoft’s Azure services, including Azure DevOps.