GitLab 14.3 introduces the proprietary SAST engine and makes pipelining more flexible • DEVCLASS


The monthly GitLab update is here, adding a few bits to make pipelines more flexible while improving security and access management for those willing to pay for v14.3 of the DevOps platform.

For example, organizations with the Ultimate subscription can now manage secret detection scans and dynamic application security tests (DAST) through execution policies, making scans independent of the contents of the .gitlab-ci.yml configuration file. GitLab 14.3 is also the first release to use the company’s new proprietary SAST (Static Application Security Testing) engine as part of the Ultimate offering.

According to the release blog, the engine is supposed to “eliminate vulnerabilities that have been falsely reported by other integrated security tools” by using different program representations and a “novel pattern extraction language”. The long-term goals of the tool include better integrating security tests into the software development lifecycle and improving various types of tests.

To improve the scalability of a setup, Ultimate and Premium customers can now grant a GitLab agent access to more than one group. Teams no longer need to register separate agents for every project under an authorized group, because all of those projects can automatically use the same agent for cluster access. Other enhancements available to paid subscribers include group-level permissions for protected environments and additional audit events recorded when protected branch settings are changed or merge requests are approved.

GitLab 14.3 also brings a little more flexibility to CI/CD pipelines. The include keyword, which pulls external configuration files into a pipeline, can now be combined with rules conditions so that teams can define when a YAML file is included. Once defined, a set of rules can be reused across different jobs via the !reference keyword. Another change that makes writing pipelines a little easier is the ability to use variables inside other variables, and there is now an option to filter pipelines by source for better clarity.
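As an added example, not taken from the article or from GitLab's own documentation, the following .gitlab-ci.yml combines the three pipeline features just described: an include that is only pulled in on the default branch, a rule set defined once and reused in two jobs through !reference, and a variable composed from another variable. The registry address, job names and the app name are constructed placeholders; the Secret-Detection template is a real GitLab-provided template.

```yaml
# Added example, not from the article or GitLab docs.
# Pull GitLab's secret-detection template only for pipelines on the
# default branch, so the scan config does not live in every branch's
# job definitions. The template name is GitLab's own; the rule is ours.
include:
  - template: Security/Secret-Detection.gitlab-ci.yml
    rules:
      - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

# A hidden (dot-prefixed) key holding a rule set that is never run as
# a job itself. Scheduled pipelines are excluded; merge requests and
# tags are allowed.
.release-rules:
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
      when: never
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_TAG

# One variable built from another. The article lists this as new in
# 14.3; confirm nested expansion is enabled on your instance before
# relying on it. Both values below are constructed placeholders.
variables:
  IMAGE_BASE: "registry.example.com/team/app"
  IMAGE_TAG: "$IMAGE_BASE:$CI_COMMIT_SHORT_SHA"

stages:
  - build
  - test

# Both jobs reuse the same rule set via !reference instead of
# copying the three conditions into each job.
build-image:
  stage: build
  rules:
    - !reference [.release-rules, rules]
  script:
    - docker build -t "$IMAGE_TAG" .

run-tests:
  stage: test
  rules:
    - !reference [.release-rules, rules]
  script:
    - docker run --rm "$IMAGE_TAG" ./run-tests.sh
```

If the rule set later changes (for example, to also exclude pipelines triggered by the API), only .release-rules needs editing and every job that references it follows.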

Teams using GitLab’s Dependency Proxy can now retrieve details about cached container images through a GraphQL API introduced with this release. Details on other interesting additions, from Kubernetes 1.20 support to the display of user GPG keys and a multimedia preview in the wiki editor, can be found in the release post.

GitLab Runner, the component that executes GitLab CI/CD jobs in a pipeline, has also been updated and now includes a feature flag that lets the shell executor clean up artifacts in the build directory. It also no longer treats every failed Docker image pull as a runner system error, but distinguishes between system errors and script errors.

The new version comes just a few days after the company filed for an IPO, which had originally been expected in 2020 but was postponed, presumably because of the pandemic.
