GitLab unwraps security, AWS integration in (final?) release of 2019

GitLab unwraps security, AWS integration in (final?) release of 2019
Gitlab Logo

GitLab has put security front and centre in what should be this year’s last release of its Dev/Sec/Ops/everything platform.

Just released GitLab 12.6 now has a project Security Status panel, which ranks projects by security profile making it easier for “development leaders” to spot which projects are at greater risk and need “additional attention”. Projects are graded A to F – the latter including at least one critical vulnerability. Presumably security specialists will also find the feature useful. GitLab has steadily been adding security to its feature set.

At the same time, it has added Automated Evidence Collection for audits, via a “release evidence file”, a JSON object that includes links to the milestones and issues that were included in a release to streamline audits.

The third highlight of the release, from GitLab’s point of view anyway, is the ability to manage and share C and C++ code using the Conan repository. The company said this means users will have “source code, automated GitLab CI pipelines and the resulting packages in the same application which will help improve their overall efficiency and velocity.”

Also on the security side, 12.6 brings the ability to view the platform’s Secure scanners, showing which are available, how they’ve been configured, and links to documentation. Password admin has been tightened up, with the ability to specify the minimum password length in the admin area. Security minded admins also get the ability to force regular rotation of personal access tokens.

Release management should be made easier with a filter for issues and merge requests by release name, while a squash-and-merge feature combining all a merge requests’ commits into one, has been added to Merge Trains.

The company has also begun delivering on its promise of tighter integration with (major) cloud providers, with an official GitLab container with AWS client installed. This will allow AWS commands to be run from within users’ pipelines. The firm said, “We hope to see community contributions for additional cloud providers using this model of pre-built images with included scripts hosted in the official GitLab Cloud Deploy container registry.”

You can see the full list of changes here