GitLab 12.3 puts spotlight on security and productivity

The GitLab team has stuck to its release schedule and released version 12.3 of its repository management and collaborative development platform into the wild.

One of the highlighted additions of the new release, which is available to all users, no matter the subscription plan, is a Web Application Firewall for Kubernetes Ingress. The feature is implemented as a ModSecurity plugin and helps with “monitoring and reporting security concerns related to Kubernetes clusters”.

If installed, it can tell whether HTTP or HTTPS traffic contains malicious code, which should help with issues such as cross-site scripting. While the firewall is still in its early stages, the plans for future versions include ways to create additional firewall rules and help to reduce risk in earlier stages of application development.

Another new feature available to all is the Analytics Workspace. It is meant to facilitate the analyses of team metrics by letting users compile insights across projects and groups. For now, selection of multiple groups and subgroups or porting of all analytics features of an instance isn’t an option, but it’s on the agenda. Some of the capabilities of the new workspace will only be accessible for enterprise edition users. GitLab however promises to keep the core free for all and not remove any project-level analytics functions as they slowly shift to the Analytics Workspace.

GitLab 12.3 also comes with keyboard shortcuts to navigate to the next and previous unresolved discussion, a way to close issues via a slash command in Slack, as well as system hooks for project and group member updates. A new rules: syntax has been added to understand complex pipeline rules, while expanded permissions for the CI Registry User service account have made it more useful since it now allows untagging images and therefore automatically cleaning up scripts.

Enterprises that have invested in premium/silver and ultimate/gold plans will find a first version of Productivity Analytics in the current release, which gives insight into the time needed to integrate a merge request into the code base. Making things like this measurable is, according to GitLab, meant to help raise a team’s productivity.

But as anybody working in the industry knows, there’s more to the issue than that, which is why additional data points are going to be integrated in the coming releases. The next iteration for example will probably take dependencies into account to make waiting times which are down to external factors more visible.

Compliance has also been on the GitLab to-do list, so there are now ways to require code owner approval for specific branches (premium/silver, ultimate/gold), restrict API activity to a specific set of IP addresses, and reject merges of code including a blacklisted license (ultimate/gold).

Before upgrading, be aware that the tool admins use for insight into a GitLab instance has been renamed from gitlab-monitor to gitlab-exporter, which means Omnibus users will have to update their gitlab.rb file. More information on the new release can be found in the projects’ (GitLab CE, EE, and Runner) changelogs.

GitLab 12.3 comes just a couple of days after the company informed the community about its $268m series E funding round, which valued the company at $2.75bn. According to the official announcement, the money will go towards making the company’s “DevOps platform offerings, including monitoring, security, and planning, best in class”.