GitLab 11.1 devops tool improves security controls

Code searching and the user interface also see improvements

Paul Krill Jul 25th 2018

GitLab, a devops platform based on the Git software version control system, gains increased visibility into security with its Version 11.1 release, as well as other enhancements.

The new security dashboard reports on the latest security status of each project’s default branch. Security teams can determine if something is wrong and take actions if needed. The dashboard can be used to dismiss false positives or create issues to solve vulnerabilities. Teams can also adjust the criticality weight of vulnerabilities. The security dashboard resides in the Project menu of a project’s side navigation.

GitLab Version 11.1 also adds Static Application Security Testing (SAST) for Node.js, for spotting code vulnerabilities when changes are committed to a repository. SAST support was already available for C, C++, Go, Java, and Python.

Other new capabilities in GitLab 11.1 include:

  • Improved code-searching capabilities, including advanced syntax search for filtering by file name, path, and extension.
  • Performance improvements, such as a fix for the pagination of webhooks, ensuring the page for editing these hooks does not time out.
  • GitLab Runner 11.1, for running CI/CD jobs, has been released with GitLab 11.1, with improvements such as better Docker time-outs and the ability to sign RPM and DEB packages.
  • The configurable issues board is now accessible via the GitLab API. This enables custom workflows.
  • Projects can be transferred between namespaces via an API.

GitLab 11.1 also has several UI enhancements:

  • The revamped UI features the redesigned merge request widget and the more readable contribution analytics page.
  • The UI offers a merge request panel in the web IDE, in which a merge request can be opened side by side with code in the IDE.
  • For switching between groups, a dropdown menu has been added to the groups link in the top navigation, for quicker access.
  • A redesign of milestone list pages is the first step in simplifying the design, with the goal of letting teams better manage milestones.
  • An issue can be set as confidential via a quick action from the issue comment field.
  • The Kubernetes page design has been improved, using tabs for each option when adding a cluster.