Posts

Showing posts from August, 2020

How to configure DAST full scans for complex web applications

Shifting Dynamic Application Security Testing (DAST) left can help to detect security vulnerabilities earlier in the software development lifecycle (SDLC). However, testing earlier and more often in the SDLC comes with its own set of challenges: an abundance of alerts from automated security tools and a high computational cost caused by frequent and long-running CI security jobs. In this blog post, I’ll walk you through how we configured DAST for the internal pipeline that tests the GitLab web application. We’ll discuss some of the common challenges that you might encounter when testing large applications, such as:

How to keep the duration of the DAST scan within an acceptable job timeout: This matters because jobs that exceed timeouts will fail and no results will be displayed. We will review how to optimize scan duration by excluding low-risk parts of the application from being tested, by correctly seeding your application with test data, and by parallelizing the DAST job.
H...
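To make the three levers in that excerpt concrete (a job timeout, excluding low-risk URLs, and fanning the scan out into parallel jobs), here is an added `.gitlab-ci.yml` fragment. It is an illustration written for this listing, not the pipeline configuration from the post or from GitLab's own repository. The hostname `app.example.test`, the sign-in form field names, the split into scan areas and the excluded paths are all assumptions; the variables (`DAST_WEBSITE`, `DAST_EXCLUDE_URLS`, `DAST_FULL_SCAN_ENABLED`, `DAST_SPIDER_MINS`, `DAST_AUTH_URL` and friends), the job-level `timeout` keyword and the `parallel: matrix` keyword that ships in 13.3 are documented GitLab CI features.

```yaml
# Added example, not the post's own configuration. Hostnames, paths,
# form field names and the choice of scan areas are assumptions.
include:
  - template: Security/DAST.gitlab-ci.yml   # provides the `dast` job

stages:
  - build
  - test
  - deploy
  - dast

dast:
  # Fail before the runner's hard limit instead of losing every result.
  # Must be at or below the project/runner timeout to have any effect.
  timeout: 2h
  variables:
    DAST_FULL_SCAN_ENABLED: "true"   # active scan, not only passive spidering
    DAST_SPIDER_MINS: "30"           # cap the crawl; the active scan runs after it
    # Authenticated scan against a seeded test instance. $DAST_USER and
    # $DAST_PASS are masked CI/CD variables (assumed names).
    DAST_AUTH_URL: "https://app.example.test/users/sign_in"
    DAST_USERNAME: "$DAST_USER"
    DAST_PASSWORD: "$DAST_PASS"
    DAST_USERNAME_FIELD: "user[login]"
    DAST_PASSWORD_FIELD: "user[password]"
    # Comma-separated list; regular expressions are accepted. Always keep the
    # logout URL here so the spider does not sign itself out mid-scan, and
    # drop low-risk static content that only adds crawl time.
    DAST_EXCLUDE_URLS: "https://app.example.test/users/sign_out,https://app.example.test/help/.*,https://app.example.test/assets/.*"
  # One job per area of the application, using the 13.3 build matrix.
  # Each job uploads its own gl-dast-report.json; the pipeline's Security
  # tab shows the findings from all of them.
  parallel:
    matrix:
      - DAST_WEBSITE:
          - "https://app.example.test/admin"
          - "https://app.example.test/projects"
          - "https://app.example.test/api/v4"
```

Each matrix entry starts the spider from a different entry point, so the whole application is still covered while no single job has to crawl all of it. Keep `timeout` below the runner's limit, otherwise the runner kills the job first and no report is uploaded at all.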

GitLab Patch Release: 13.3.2

Today we are releasing version 13.3.2 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in this month's 13.3 release and prior versions.

GitLab Community Edition and Enterprise Edition
- Prevent accidental group deletion if path rename fails
- Fix create snippet disabled on empty file path
- Fix race condition in concurrent backups
- Fix exception handling when a concurrent backup fails
- Fix hanging info refs cache when error occurs

Important notes on upgrading
This version does not include any new migrations, and should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates.

Updating
To update, check out our update page.

GitLab subscriptions
Access to GitLab Starter, Premium, and Ultimate f...

Applying risk management to pandemic-driven remote learning

This blog post is Unfiltered

Like many of you, when COVID-19 began to spread in the Spring of 2020, I never imagined just how much my life would change. While I personally was accustomed to working remotely, my husband and children certainly were not. As the pandemic continues, parents around the world are faced with a new challenge: how to simultaneously manage their careers and their children’s educational needs. The risks, at times, can feel insurmountable. I went through every emotion this summer as I tried to strategize for what pandemic-driven remote learning would look like for my family. And then I realized, why am I trying to recreate the wheel? As an all-remote company, GitLab’s values and all-remote culture provide a proven model for successfully managing a remote workforce. So why not try it out with my kids? So with that knowledge and appreciation, I decided to utilize the basic principles of risk management to manage my family’s work and lea...

Measuring engineering productivity at GitLab

This blog post is Unfiltered

One of the challenges in a rapidly growing engineering organization is determining how your organization’s productivity scales over time. Companies that grow quickly often face a slow down in output because of inefficiencies and communication challenges. For example, a task that you used to be able to ask another coworker to do may now need a comprehensive approval flow. At GitLab, we went from 100 to 280 engineers in 1.5 years. As a startup, it was critical that we continued our momentum of: As a result, we created several Key Performance Indicators (KPIs) and Performance Indicators (PIs) around this:
- Throughput
- Product MRs
- Review to Merge time (RTMT)
- Development Department Member MR Rate
- Say Do Ratio
- Product MRs by Type

The primary one that is often discussed in engineering leadership at GitLab is Merge Request (MR) Rate. In this article, I’ll do a deep dive into how we measure engineering productivity at GitLab usi...

GitLab Patch Release: 13.3.1

Today we are releasing version 13.3.1 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in this month's 13.3 release and prior versions.

GitLab Community Edition and Enterprise Edition
- Fix a bug with promoting Issues with attachments to Epics
- Geo: Apply selective sync to container repo updates
- Geo: Apply selective sync to design repo updates
- Avoid creating diff position when line-code is nil

Important notes on upgrading
This version does not include any new migrations, and should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates.

Updating
To update, check out our update page.

GitLab subscriptions
Access to GitLab Starter, Premium, and Ultimate features is granted by a paid subsc...

10 DevOps terms that might surprise you

You call yourself a DevOps professional but do you know the definitions of yak shaving, Yoda conditions or baklava code? We didn’t think so. Here’s a look at 10 DevOps terms even seasoned pros might not have encountered. And if you think there are some obscure ones we missed, please tell us about it here. We are working on a comprehensive GitLab guide to DevOps terms.

Baklava code
Baklava is a dessert made up of many layers of thin phyllo dough – which is notoriously difficult to work with. Baklava code is the same: lots of thin layers of code which makes it too fragile to stand up to real world use.

Dark launch
A dark launch usually refers to a partial or incomplete release of a feature or features without any announcement. This under-the-radar release is a way to gather performance and testing data without the pressure of public input, because the features haven’t actually been talked about.

Dead code
Code is considered "dead" if it lives in a program but actually...

It's official: GitLab has achieved CNCF Kubernetes Certified Provider status

GitLab is pleased to announce that we are now a Kubernetes Certified Service Provider (KCSP). KCSP is run by the Cloud Native Computing Foundation (CNCF) in collaboration with the Linux Foundation. The intention behind the KCSP program is to ensure that enterprises get the support they need to roll out applications to production Kubernetes environments. GitLab, through its KCSP status, wants to help organizations to adopt a cloud native approach for their business objectives.

Container and Kubernetes Adoption
A recent CNCF report shows that the use of containers in production has jumped from 23% in 2016 to 84% in 2019. According to another CNCF survey, cloud native technologies have become mainstream and many CNCF projects have adopted GitLab for their project needs. Kubernetes has emerged as the orchestrator of choice for organizations embarking on cloud native initiatives. Kubernetes helps organizations achieve container operational efficiencies and make developer interactions e...

GitLab 13.3 released with coverage-guided fuzz testing and a build matrix for CI/CD

DevSecOps helps teams detect and resolve faults and vulnerabilities early in the software development process. In GitLab 13.3, building secure software is easier with fuzz testing in your development workflow. With coverage-guided fuzz testing and on-demand DAST (Dynamic Application Security Testing), discovering real-world software vulnerabilities is faster and more efficient. At the same time, releasing code more frequently is made simpler with the new build matrix for CI/CD. Finally, the Pod health dashboard increases Ops' efficiency by reducing their context switching: all Kubernetes pods health primitives are in the dashboard. We hope that you find these top features, and the 69 new features packed in this release, useful.

Faster remediation: Find and prevent defects and vulnerabilities earlier
With coverage-guided fuzz testing, it's now easier to efficiently surface and solve vulnerabilities in C, C++, and Go. In GitLab 13.3 all our SAST (Static Application Securi...