GitLab 14.3 ships first proprietary SAST engine, adds flexibility to pipelines • DEVCLASS


GitLab’s monthly update has arrived, adding a few things to make pipelines more flexible, while the security and access management improvements in v14.3 of the DevOps platform are mostly reserved for paying customers.

Organizations with an Ultimate subscription, for example, can now manage secret detection scans and dynamic application security testing (DAST) through scan execution policies, which makes the scans independent of whatever a project’s .gitlab-ci.yml file contains. GitLab 14.3 is also the first release to ship the company’s new proprietary Static Application Security Testing (SAST) engine as part of the Ultimate offering.
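As an added illustration (not code from the article or from GitLab’s own documentation), the following is a scan execution policy of the kind the Ultimate tier applies from a dedicated security policy project. The point of the mechanism is that the listed scans are injected into matching pipelines by the policy, so a developer editing or deleting jobs in .gitlab-ci.yml cannot switch them off. The file location, branch name and DAST profile names below are assumptions; the site and scanner profiles must already exist in the target project.

```yaml
# Added example, not from the article: a scan execution policy.
# Assumed location: .gitlab/security-policies/policy.yml in the policy project
# that is linked to the target project.
scan_execution_policy:
  - name: Mandatory secret detection and DAST
    description: >
      Runs on every pipeline for the default branch. Enforced by the policy
      project, so it cannot be removed by editing the target project's
      .gitlab-ci.yml.
    enabled: true
    rules:
      # Trigger on normal pipelines for the listed branches (assumed: main).
      - type: pipeline
        branches:
          - main
    actions:
      # Secret detection needs no extra configuration.
      - scan: secret_detection
      # DAST needs a site profile (target URL) and a scanner profile
      # (crawl/scan settings); the names here are assumptions.
      - scan: dast
        site_profile: Production site
        scanner_profile: Passive scan
```

Because the policy project is separate from the application project, write access to it can be restricted to the security team, which is what gives the policy its enforcement value: the scans are decided by who controls the policy project, not by who can push to the application repository.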

According to the blog post, the engine is intended to “eliminate vulnerabilities that may have been falsely reported by other built-in security tools” through the use of different program representations and a “new model extraction language”. The tool’s long-term goals include integrating security testing more tightly into the software development lifecycle and improving various types of testing.

To make configurations scale better, Ultimate and Premium customers can now grant a GitLab Kubernetes agent access to multiple groups. Teams no longer need to register a separate agent for every project in an allowed group, as all of them can use the same agent for cluster access. Other enhancements available to paid subscribers include group-level permissions for protected environments and additional audit event logging when protected branch settings or merge request approval settings are changed.

Outside the paid tiers, GitLab 14.3 also brings more flexibility to CI/CD pipelines. The include keyword, used to make external configuration files part of a pipeline, can now be combined with rules conditions, allowing teams to define when a YAML file should be included. Once defined, a rule set can be reused in different jobs via the !reference tag. Another change intended to make pipeline writing a bit easier is the ability to use variables inside other variables, and there is now an option to filter pipelines by source for a better overview.
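The following .gitlab-ci.yml is an added example, written for this page and not taken from the article or from GitLab, that combines the three pipeline features just described: a conditional include, variables built from other variables, and a rule set shared between jobs with !reference. The file names ci/security.yml and ci/deploy.yml and the job names are assumptions.

```yaml
# Added example, not from the article. Assumed files: ci/security.yml and
# ci/deploy.yml live in the same repository.

# 1. Conditional include: each file is pulled in only when its rules match.
#    Include rules are evaluated before the rest of the file, so only
#    predefined CI variables (not the variables block below) can be used here.
include:
  - local: ci/security.yml
    rules:
      - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH   # only on the default branch
  - local: ci/deploy.yml
    rules:
      - exists:
          - Dockerfile                                  # only if the repo ships a Dockerfile

# 2. Variables that reference other variables.
variables:
  IMAGE_BASE: $CI_REGISTRY_IMAGE
  IMAGE_TAG: ${IMAGE_BASE}:${CI_COMMIT_SHORT_SHA}

# 3. A hidden job (leading dot) holding a reusable rule set.
.mr-or-default-rules:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

build:
  stage: build
  script:
    - echo "building $IMAGE_TAG"
  rules:
    - !reference [.mr-or-default-rules, rules]   # reuse the rule set above

test:
  stage: test
  script:
    - echo "testing $IMAGE_TAG"
  rules:
    - !reference [.mr-or-default-rules, rules]
```

A practitioner caveat: conditional includes are convenient, but every include is executable pipeline configuration. When pulling a file from another project with include: project, pin it with a ref (a tag or commit SHA) rather than tracking a branch, so that a change in the other repository cannot silently alter what runs in yours.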

Teams using GitLab’s Dependency Proxy can now retrieve details about cached container images through a GraphQL API introduced as part of the release. Details on other additions, ranging from Kubernetes 1.20 support to the display of user GPG keys and a media preview in the Wiki editor, can be found in the release post.

GitLab Runner, the component that executes the jobs of a GitLab CI/CD pipeline, also got an update and now includes a feature flag that lets the shell executor clean up artifacts in the build directory. It also no longer treats every failed Docker image pull as a runner system failure, but distinguishes between system errors and script errors.

The new release comes just days after the company filed for an initial public offering, which had originally been planned for 2020 but was postponed, presumably for pandemic reasons.
