Posts

Showing posts from June, 2020

Understand the many meanings of multicloud

We've heard – and used – the term 'multicloud' for a while now but, like most industry terms, it can be defined differently by different groups. So in our just released 2020 Global DevSecOps Survey we asked 3652 people from 21 countries across 19 job categories what multicloud actually means to them. The majority of respondents (36%) said multicloud means the ability to deploy some applications on Azure, some on AWS, and some on Google. Almost 35% said they thought it meant deploying applications across multiple cloud providers with different components on different clouds. And finally almost 29% said it meant being able to move an app from one cloud provider to another. It got even more interesting when we asked them to describe how multicloud is used in their organizations. A clear majority aren't doing "multicloud" yet - their teams use one cloud provider only, or none at all. (For context, over 18% of survey respondents said their organizations are not ...

Why the KDE community is #movingtogitlab

The KDE community is #movingtogitlab! After announcing the original decision to migrate to GitLab in November 2019, KDE has officially completed phase one of their migration, and contributors have begun to use GitLab on a daily basis at invent.kde.org. Read on to learn more about KDE's migration story.

About KDE

KDE is an international community that creates open source software for desktops and mobile devices. KDE software is compatible with multiple platforms, including GNU/Linux, FreeBSD, Windows, macOS, and Android. Their products are used by millions of home and office workers and are being deployed in schools around the world. With more than 2,700 artists, designers, programmers, translators, writers, and other contributors from across the globe, the KDE community is thriving. Together, this community creates and maintains more than 200 applications and countless add-ons, plugins, and Plasmoids, 1000+ repositories, 80+ frameworks for Qt developers, and more than 2,600 pr...

How T-Mobile transformed its continuous delivery platform using GitLab

If you’ve ever used a cell phone, then you’ve likely heard of T-Mobile, the global wireless network provider that serves over 86 million customers annually with streaming services, personal banking, and roadside assistance. After its recent merger with Sprint, T-Mobile is now the United States’ second-largest wireless carrier and the only one providing 5G nationwide. T-Mobile has approximately 5,000 developers who are constantly working towards improving software engineering techniques for customer satisfaction. Chris Hill, senior manager, software development, recently presented a talk called "Chasing Unicorns" at T-Mobile, where he discussed how to increase the throughput paradigm for high-performing teams with its newly formed continuous delivery platform.

Challenges with enterprise delivery

Developer platforms are systems used in between the steps of phase and production. Nearly every change that goes through the software development lifecycle will touch one or more o...

GitLab Patch Release: 12.10.12

Today we are releasing version 12.10.12 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in this month's 12.10 release and prior versions.

- Manually disable copy_file_range() on RedHat kernels
- Fix geo timeout issue with pg-upgrade

Important notes on upgrading

This version does not include any new migrations, and should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates.

Updating

To update, check out our update page.

GitLab subscriptions

Access to GitLab Starter, Premium, and Ultimate features is granted by a paid subscription. Alternatively, sign up for GitLab.com to use GitLab's own infrastructure.

GitLab Patch Release: 13.0.7

Today we are releasing version 13.0.7 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in last month's 13.0 release and prior versions.

- Group authorization refresh to consider shared groups
- Pass int when getting I18n VSA stage summary title
- Use ProxyVariableSubstitutionService for variable substitution in alerts
- Fix relative URL root in wiki_base_path
- Adjust wrong column reference for ResetMergeStatus (background job)
- Fix geo timeout issue with pg-upgrade
- Manually disable copy_file_range() on RedHat kernels
- Fix Auto DevOps Postgresql PVC deletion
- Periodically recompute project authorizations
- Load user before logging git http-requests

Important notes on upgrading

This version does not include any new migrations, and should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can ...

7 things I’ve learnt while shadowing an SRE

This blog post is Unfiltered

One of the benefits of being a part of the Monitor:Health group is that each team member is given the opportunity to shadow Site Reliability Engineers (SREs) for one week - allowing engineers to be involved in an SRE's day-to-day activities. This is a good experience for our team because we are working on building Incident Management into GitLab. More specifically, shadowing an SRE gives team members a better understanding about what tools are typically used and why they are important. This understanding helps the team build better features in support of the Incident Management vision (Alert Management, Error Tracking, Status Page). At first, I wasn’t really excited about participating in the SRE shadow program. I only had a vague understanding of why it would interest or be beneficial to me. Though as it happened, shadowing an SRE turned out to be an invaluable experience. Seeing an SRE in action is fascinating and opens the do...

GitLab will extend our package signing key expiration by one year

GitLab has a GPG key used to sign all Omnibus packages created within the CI pipelines. This key is set to expire on 2020-07-01 and will be extended to expire on 2021-07-01.

Why is this being done?

The package signing key is set to a yearly expiration time to limit the exposure should the key be compromised and to comply with GitLab security practices. Generating a new key each year is much more obtrusive than continually extending the expiration time.

What do I need to do?

The only action that needs to be taken is to update your copy of the package signing key if you validate the signatures on the Omnibus packages that GitLab distributes. The package signing key is not the key that signs the repository metadata used by the OS package managers like apt or yum. Unless you are specifically verifying the package signatures or have configured your package manager to verify the package signatures, there is no action needed on your part to continue installing Omnibus packages. More ...

How secure is GitLab?

When trying out a new vendor, you want to ensure the company meets your organization’s security policies. Often, we receive questionnaires from our customers to validate our security posture and to understand the maturity of GitLab’s security program. As a rapidly growing company, we are in a fortunate position to have a lot of new customers sign up for our solution. We want our customers to have confidence in our offering from a security perspective, and we want to be able to provide that assurance in the most transparent and accessible way possible. To demonstrate our commitment to security and compliance and to provide customers with an insight into our security maturity, we have pursued (and continue to pursue) a number of programs and accreditations. We’re excited to share that information with you.

SOC 2 Report

SOC 2 is a security control report developed by the American Institute of Certified Public Accountants (AICPA) designed to give a holistic view of the design and eff...

GitLab Patch Release: 13.1.1

Today we are releasing version 13.1.1 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in this month's 13.1 release and prior versions.

- Bump gitlab-mail_room to 0.0.6
- Load user before logging git http-requests
- Do not mask key comments for DeployKeys
- Fix templating vars set from URL in Metrics Dashboards
- Periodically recompute project authorizations
- Fixes status dropdown
- Update to Grafana 7
- Manually disable copy_file_range() on RedHat kernels

Important notes on upgrading

This version does not include any new migrations, and should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates.

Updating

To update, check out our update page.

GitLab subscriptions

Access to GitLab Starter, Pr...

How we scaled async workload processing at GitLab.com using Sidekiq

GitLab is a Ruby-on-Rails application that processes a lot of data. Much of this processing can be done asynchronously, and one of the solutions we use to accomplish this is Sidekiq, which is a background-processing framework for Ruby. It handles jobs that are better processed asynchronously outside the web request/response cycle.

There are a few terms that we'll use in this post:

- A worker class is a class defined in our application to process a task in Sidekiq.
- A job is an instance of a worker class, so each job represents a single task.
- A queue is a collection of jobs (potentially for different worker classes) that are waiting to be processed.
- A worker thread is a thread processing jobs in particular queues. Each Sidekiq process can have multiple worker threads.

Then there are two terms specific to GitLab.com:

- A Sidekiq role is a configuration for a particular group of queues. For instance, we might have a push_actions role that is for processing the post_rec...

Efficient DevSecOps: 9 tips for shifting left

Speed is required to stay competitive – nearly 83% of our 2020 Global DevSecOps Survey respondents said they’re releasing code faster than ever with DevOps. With the pace of work accelerating, some important details are easily overlooked or underestimated – like security. Think back to the last several projects your team has launched. Did security testing begin late in your software development lifecycle (SDLC)? Was too much time wasted on friction between siloed development and security? Was the project delayed due to inefficient handoff between teams, lack of visibility across systems, or lack of planning and consideration? All of these are symptoms of outdated security practices trying to fit into your DevOps or Agile methodologies. Upgrade your organization to DevSecOps by shifting left: Bring security to the front of your development pipeline.

Security is changing – with a long way to go

Security respondents in our 2020 Global DevSecOps Survey report changes in their roles: B...

Celebrating 3,000 wider community contributors

Like many open source projects, we have a community dashboard at GitLab and one of the metrics that a few of us were occasionally checking on was the number of Contributors. This is the number of wider community members who had merge requests (MRs) merged with the Community contribution label across all projects at GitLab. There were some virtual high fives a few weeks ago when the number crossed the 3,000 threshold. There is probably a tendency to place oversized importance on nice round numbers, because if you really think about it the GitLab community wasn't any different at 2,999 vs. 3,000 contributors. However, it was a great occasion to celebrate the continued growth of the wider GitLab community.

Community dashboard screenshot from April 23, 2020

The past few months have been a challenging time due to Covid-19, and there was talk in open source circles about the pandemic's potential impact on contributions to open source projects. As people were trying to sort out ...

GitLab 13.1 released with Alert Management and Code Quality Enhancements

GitLab 13.1 is now available, bringing you expanded alert management, new tools to help you track and improve code quality, and more ways to keep your code secure and compliant.

Automate and expand Alert Management

Alerts are essential to application maintenance, but understanding and triaging the range of alerts thrown can dramatically reduce productivity and response time. GitLab’s Alert Management aggregates and ranks IT alerts from all of your services to simplify assessment and remediation, increasing productivity and helping you research and address critical issues right away. Key features in 13.1 include alert assignments, Slack integration, and creating GitLab To-Dos when assigning alerts.

Improve code quality

Deployment velocity only matters if you’re deploying high quality code. By prioritizing tests on recently modified code, developers can address errors immediately, without running an entire test suite. Code coverage tracking over time surfaces quality trends ...