April showers GitLab users with updates in release 13.11

Container orchestration

GitLab has hit version 13.11, bringing with it a number of enhancements including the GitLab Kubernetes Agent, speedier pipelines and a fresh compliance framework for pipeline configurations.

The latest iteration of the web-based DevOps platform has ushered in availability of the GitLab Kubernetes Agent. This is a central piece of GitLab’s Kubernetes integrations, according to the GitLab team, and enables pull-based deployments to end-user clusters, while GitLab.com manages the necessary server-side components of the Agent.

Unlike legacy, certificate-based Kubernetes integration, the GitLab Kubernetes Agent does not require a user to open up their clusters to GitLab, but does support Network Security policy integration which enables fine-tuned role-based access controls around GitLab’s capabilities within those clusters.

Another new capability is compliant pipeline configurations, which makes it possible to define enforceable pipelines for any project assigned a corresponding compliance framework. This means that users with compliance requirements under regulations such as GDPR or PCI-DSS in the workflow can now set up a single pipeline definition for that compliance framework, and all projects using that framework will include the predefined pipeline automatically.

GitLab currently provides several predefined compliance framework labels such as GDPR, and PCI-DSS, but from this release users can add their own custom frameworks. In future, GitLab will also allow users to create policies that can be applied to projects based on custom labels.

Meanwhile, GitLab claimed that “Speedy, reliable pipelines” is one of its main product themes, and reckoned it has delivered on that promise this month with a host of pipeline improvements in 13.11.

For example, the pipeline editor now allows users to begin working on a new, blank pipeline file without having to create a config file first. Previously, the editor only worked if the .gitlab-ci.yml configuration file already existed in the root of the repository, but this release, adds the ability to create an initial empty pipeline file from the pipeline editor page itself.

Also added is the ability to configure multiple cache keys in a single job, which GitlLab said will help boost pipeline performance and these improvements can be measured from the CI/CD dashboard, where a new DORA 4 graph shows lead time for changes via time for code to be committed and deployed to production.

On the security side, 13.11 has introduced the Semgrep flexible rule syntax to extend and modify custom detection rules, which GitLab said was a popular request from customers using Static Application Security Testing (SAST). Semgrep is a relatively new tool for finding bugs and enforcing code standards from the development team at r2c. Semgrep’s rules apparently look like code, so users can write their own rules without having to understand abstract syntax trees (ASTs) or regexes.

For further details, the release notes are here, while a preliminary overview of what is planned for the next GitLab release is available here.