GitLab put focus on security for v14.8 improvements


GitLab 14.8 has made its way into the open with security improvements and slight UI enhancements in tow.

Among other things, the latest version of the DevOps platform now accepts SSH keys of the ecdsa-sk and ed25519-sk types, the FIDO/U2F security-key types OpenSSH introduced in version 8.2, so Git-over-SSH access to a GitLab instance can be tied to a hardware authenticator. Teams also get the option to customise static application security testing (SAST) and secret detection rules, along with a whole slew of security analyser upgrades in GitLab's Static Analysis module. GitLab SAST was meanwhile reworked to provide severity ratings for vulnerabilities in .NET projects.
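For readers who want to see what the new key types look like on the wire and how a server-side check can tell them apart from ordinary keys: the public key types are sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com, and each carries the usual public key plus a FIDO "application" string (OpenSSH uses "ssh:" by default); the private half is only a handle that works together with the registered authenticator. The Python below is an added example, not GitLab's code. It parses authorized_keys-style lines, verifies the text prefix against the key type embedded in the base64 blob (the prefix is just a label that anyone can edit), and reports whether a key is hardware-backed. The sample key lines are constructed from dummy bytes and are not real keys.

```python
"""Inspect SSH public keys and tell hardware-backed (FIDO security-key) types apart.

Added example, not GitLab code. The key lines below are constructed from dummy
key bytes and are not real keys.
"""
import base64
import struct
from typing import Optional, Tuple

# Public key type identifiers OpenSSH (8.2+) uses for FIDO/U2F security-key keys.
SK_TYPES = {
    "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256@openssh.com",
}


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(blob: bytes, offset: int) -> Tuple[bytes, int]:
    """Decode one wire-format string at offset; returns (value, offset after it)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string field")
    return blob[offset + 4:end], end


def inspect_ssh_public_key(line: str) -> dict:
    """Parse an authorized_keys-style line and report what kind of key it is.

    The textual type before the base64 blob is checked against the type
    embedded in the blob; for sk- keys the FIDO application string is
    extracted as well.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)

    raw_type, off = read_ssh_string(blob, 0)
    embedded = raw_type.decode("ascii")
    if embedded != declared:
        raise ValueError(f"type mismatch: prefix {declared!r} but blob says {embedded!r}")

    info = {"type": declared, "hardware_backed": declared in SK_TYPES, "comment": comment}
    if embedded == "sk-ssh-ed25519@openssh.com":
        # Layout (OpenSSH PROTOCOL.u2f): string type, string pk, string application.
        pk, off = read_ssh_string(blob, off)
        app, off = read_ssh_string(blob, off)
        if len(pk) != 32:
            raise ValueError("ed25519 public key must be 32 bytes")
        info["application"] = app.decode()
    elif embedded == "sk-ecdsa-sha2-nistp256@openssh.com":
        # Layout: string type, string curve name, string Q (uncompressed point), string application.
        curve, off = read_ssh_string(blob, off)
        q, off = read_ssh_string(blob, off)
        app, off = read_ssh_string(blob, off)
        if curve != b"nistp256" or len(q) != 65 or q[0] != 0x04:
            raise ValueError("malformed ecdsa-sk key body")
        info["application"] = app.decode()
    return info


def rejection_reason(line: str) -> Optional[str]:
    """None if the line parses cleanly, otherwise the reason it should be rejected."""
    try:
        inspect_ssh_public_key(line)
    except ValueError as exc:
        return str(exc)
    return None


def make_line(key_type: str, *fields: bytes, comment: str = "") -> str:
    """Assemble a public key line from wire-format fields (used only to build the demo keys)."""
    blob = ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".rstrip()


DUMMY_PK = bytes(range(32))             # constructed, not a real key
DUMMY_Q = b"\x04" + bytes(range(64))    # constructed uncompressed point, not a real key
SK_ED25519_LINE = make_line("sk-ssh-ed25519@openssh.com", DUMMY_PK, b"ssh:", comment="yubikey@laptop")
SK_ECDSA_LINE = make_line("sk-ecdsa-sha2-nistp256@openssh.com", b"nistp256", DUMMY_Q, b"ssh:gitlab")
PLAIN_ED25519_LINE = make_line("ssh-ed25519", DUMMY_PK, comment="laptop")
# A line whose prefix claims a security key while the blob is an ordinary key.
MISLABELLED_LINE = "sk-ssh-ed25519@openssh.com " + PLAIN_ED25519_LINE.split()[1]


if __name__ == "__main__":
    for sample in (SK_ED25519_LINE, SK_ECDSA_LINE, PLAIN_ED25519_LINE, MISLABELLED_LINE):
        print(rejection_reason(sample) or inspect_ssh_public_key(sample))
```

Users generate such a key with `ssh-keygen -t ed25519-sk` (or `-t ecdsa-sk`) while the authenticator is plugged in, and the resulting public key line is what gets added to their GitLab profile; the private key file on disk is useless without the same authenticator, which is the property that makes the key hardware-backed.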

Since the Vulnerability-Check feature has been deprecated, Ultimate users get a replacement in the form of security approval policies with this update. Like its predecessor, the new feature can require approval when a merge request is found to introduce vulnerabilities, but it also adds a number of options: admins can chain rules together, decide who is allowed to edit approval rules, enforce two-step approval processes, and apply a set of security policies to multiple projects.

To give a better overview, GitLab Ultimate also gains an index page that lists on-demand security scans and lets them be started from one place, and the CI/CD analytics section picks up additional metrics such as the number of successful deployments in a given date range, deployment frequency, and median lead time.

From the 14.8 release on, organisations on the Premium and Ultimate tiers that don't set weights on issues can switch their view of epic progress to be based on issue count instead. They also get audit events for admin impersonation of users, so that actions taken during an impersonation session can be traced back to who did what should the need arise.

Apart from that, GitLab 14.8 comes with a reworked pipeline view, and removes empty configuration sections from .gitconfig files and cleans up configuration keys correctly, which should improve performance. It also simplifies inviting groups and members, shows a badge with the latest release's version number on the project page, and adds auto-completion for CI/CD keywords in the pipeline editor.

A new version of GitLab Runner was released alongside it, which includes a native runner build for the Apple M1 SoC, variable support for services, and an option to specify maintenance notes when registering a runner. Details are available on the GitLab blog.