Coming down the pipeline: GitLab 13.12 brings security, management tweaks


The latest GitLab update focuses on usability and pipeline management improvements, plus changes to make project deployments more secure, among other enhancements.

Announced on the GitLab Blog, the headline improvement in release 12.12 of the web-based DevOps platform is the general availability of its dynamic application security testing (DAST) facility for all GitLab Ultimate customers. This feature enables on-demand scans of an already deployed application or API in any configured environment outside of a CI/CD pipeline.

Staying on the security theme, the Semgrep SAST (Static application security testing) analyser for JavaScript, TypeScript, and Python is also generally available. According to GitLab, Semgrep’s flexible rule syntax is ideal for streamlining the GitLab Custom Rulesets feature for extending and modifying detection rules, and also allows GitLab customers access to Semgrep’s community rules.

The Project Vulnerability Report also now gives users the ability to filter by scanner and vendor, allowing you to filter scan results for just third-party scanners or for all scanners including those from GitLab.

New users

GitLab 13.12 also introduces changes to make CI/CD pipelines easier to use. As part of this, the pipeline editor now features a collapsible panel of guided instructions to help new CI/CD users create their first pipeline.

Other features offer more flexibility in creating pipelines, such as support for wildcards in the include: keyword that helps with breaking up the .gitlab-ci.yml file that holds specific runtime commands  into multiple smaller files to improve re-usability and readability. Developers can now define variables within rules. This provides flexibility to set pipeline variables when certain conditions are met. The pipeline graph now shows dependencies between jobs, to make it easier to visually track and understand the expected order in which the jobs will be run.

This release introduces a group-level deployment frequency chart, as part of GitLab’s ongoing efforts to support DORA4 DevOps metrics. The frequency chart should help users understand the efficiency of their deployments over time, find bottlenecks, and focus on areas for improvement across projects and teams.

Value Stream Analytics now has pagination and sorting of workflow items to make it easier for developers to visualise and sort items in a specific stage to pinpoint bottlenecks. For full details of all the changes in GitLab 13.12, see the release notes.