Software update: GitLab 13.12

GitLab is comparable to the better-known GitHub, but with some subtle differences. It is an environment for managing Git repositories on-premises. It is released under the MIT Expat license and developed in Ruby on Rails. It is available in three versions: the free-to-use Community Edition and two paid editions, Premium and Ultimate, with more features aimed at large companies. The different flavors are explained on this page. The development team released GitLab 13.12 with the following announcement:

GitLab 13.12 released with On-Demand DAST and Deployment Frequency Chart

This month, we are excited to introduce usability and pipeline management improvements that strive to make your teams more productive, updates to make your deployments more secure, and insights to make your DevOps adoption more mature. These are just a few highlights from the 44 improvements in this release.

Helping you manage security before it manages you
To ensure your production environment is always secure, On-demand DAST scanning is now generally available for all GitLab Ultimate customers. These on-demand scans will allow you to scan an already deployed application or API in any of your configured environments outside of a CI/CD pipeline, i.e., without requiring any code changes or merge requests to start a scan.

The Semgrep SAST analyzer for JavaScript, TypeScript, and Python is also generally available. Semgrep’s flexible rule syntax is ideal for streamlining the GitLab Custom Rulesets feature for extending and modifying detection rules, a popular request from GitLab SAST customers. It also allows GitLab customers access to Semgrep’s community rules. Thanks to the community contribution from @proletarius101, we are also extending the Mobile Application Security Testing to support .ipa (iOS) and .apk (Android) binary files, in addition to Xcode projects and Android manifest files that are already supported.

Many customers integrate their existing scanners into GitLab to benefit from a unified view. The Project Vulnerability Report now gives you the ability to filter by scanner and vendor, allowing you to filter scan results for only third-party scanners or for all scanners including those from GitLab.

Application Security is a key focus area for GitLab for this year and your feedback is important to us. As the preference of web application development shifts rapidly towards building JavaScript-heavy and single-page applications, we have identified a need for a purpose built tool that provides more application testing coverage than a traditional proxy based crawler. We are inviting GitLab Ultimate customers to a public beta for a new browser-based crawler for DAST which is expected to provide significantly better security testing coverage for these modern applications compared to our current proxy-based crawler.

Easier pipeline management for enhanced usability
Pipelines are at the heart of our customers’ CI/CD success, and we want to make it easier to use for new and experienced users of GitLab. The pipeline editor will now come with a collapsible panel of guided instructions that will help new CI/CD users create their first pipeline in a breeze.

For experienced CI/CD users that require more flexibility in creating their pipelines, we are now supporting wildcards in the include: keyword that will help you break your .gitlab-ci.yml file into multiple smaller files to improve reusability and readability. We also introduced the ability to define variables within rules, giving you the flexibility to set pipeline variables when certain conditions are met. Defining complex pipelines means there could be dependencies between jobs. The pipeline graph now shows dependencies between jobs, which is helpful to visually track and understand the expected order in which the jobs will be run.

Insights to improve your DevOps maturity
You cannot fix what you cannot measure. In that spirit, we are continuing to natively support DORA4 metrics. We are happy to announce the introduction of a group-level deployment frequency chart, which will help you understand the efficiency of your deployments over time, find bottlenecks, and focus on improvement areas that span across your projects and teams.

Value stream analytics help you identify inefficiencies and identify the root cause of those inefficiencies in your workflow. In 13.12, we have introduced pagination and sorting of workflow items, which allows you to easily visualize and sort items in a specific stage to pinpoint bottlenecks. The Days to Completion chart has been updated to show the average time to completion, which helps identify meaningful trends over time.

In this release, thanks to the community contribution from @leetickett, we introduced the ability to view a time tracking report within an individual issue or merge request to provide visibility into how much time each contributor spent.

For many of our customers, merge requests are the central space for collaboration. We have introduced the ability to see code quality violations and screenshots of failed tests within the merge request to give you necessary context as a part of your normal workflow within GitLab.

And so much more!
We continue to invest in improving the product usability in every release. Some of our favorite quality of life improvements in 13.12 include:

  • Added total group and project count to admin users table
  • Bring your own Elastic Stack
  • Create incidents via API
  • Warn administrator when removing an on-call user
  • Deleting deploy keys will inform the user if in use

Version number: 13.12
Release status: Final
Operating systems: Linux
Website: GitLab
Download: https://about.gitlab.com/downloads
License type: Conditions (GNU / BSD / etc.)