Git a March on: GitLab 13.10 ramps up security, adds support for OpenShift, DORA

The GitLab crew has officially released 13.10, with this version of the tool focusing on scalability, enhancing admin issues and improving vulnerability management – reflecting the increased concern from developers around security.

In the hopes of smoothing out some of the issues organisations face when managing a DevOps strategy, GitLab 13.10 introduces several new features to automate routine tasks. This includes support for DORA metrics (defined by Google’s DevOps Research and Assessment team) with a new API to track lead time for changes (via merge requests) on the project level. Also added is an API for Deployment Frequency metrics at the group level, so organisations can track and identify blockers across a portfolio of projects.

Feeling vulnerable?

On the thorny issue of security and the management of vulnerabilities, GitLab said it has focused on reducing the overhead of managing and sharing vulnerabilities. To help customers quickly identify and assimilate information on the latest issues, vulnerability reports now feature clickable file and line number links with a direct path to the relevant vulnerability details.

The team has also added more interactive elements to its vulnerability trends chart to make it easier to find and share information.

Meanwhile, Bulk Status Updates now allow security teams to modify the status of multiple vulnerabilities simultaneously. Selecting one or more issues from a Vulnerability Report will now let users set them to any status, and vulnerabilities can be moved back to Detected status if they need further evaluation.

The new release also adds a few more tricks to help when things go wrong. For example, there are now tools to help users integrate and manage alerts from multiple monitoring solutions, including Nagios or SolarWinds. This provides support for multiple HTTP endpoints with unique auth tokens for each integrated monitoring tool, and users can transform each external alert’s format in the GitLab user interface to ensure alerts display relevant data in the right places.

For organisations using GitLab Geo for disaster recovery, Geo will now automatically verify the data integrity of replicated Package Registries, as well as replicate group wikis.

GitLab 13.10 also brings GitLab support to Red Hat’s OpenShift container platform with general availability of the GitLab Runner Operator for Red Hat OpenShift. GitLab Runner is an application that works with GitLab CI/CD to run jobs in a pipeline, and the Operator is the software required to host this in a Kubernetes cluster in the OpenShift environment.

There’s more in the release notes.