Posts

Showing posts from October, 2020

Caching Docker images to reduce the number of calls to DockerHub from your CI/CD infrastructure

On Aug. 24, 2020, Docker announced changes to its subscription model and a move to consumption-based limits. These rate limits on Docker pulls of container images go into effect on Nov. 1, 2020. For pulls by anonymous users, the limit is now 100 pulls per six hours; authenticated users have a limit of 200 pulls per six hours. As members of the global DevOps community, we have all come to rely on Docker as an integral part of CI/CD processes. So it is no surprise that at GitLab we have heard from several community members and customers seeking guidance on how the Docker rate limit change may affect their production CI/CD workflows.

If you are a user or customer on GitLab SaaS
We utilize Google's Docker Hub images mirror. This means that GitLab.com users' CI jobs won't be affected by the new pull policy. We will continue to monitor the impact of the changes once they go into effect at Docker.

If you self-host GitLab Runners
The administra...

The Dependency Proxy is moving to open source

Docker Hub recently announced, and will soon enforce, rate limits on pull requests from Docker Hub. Starting Nov. 2, 2020, pull rates will be limited based on your individual IP address for anonymous users, or on your pricing tier if you are authenticated and signed in. When I first read about the change, I thought, "We have to tell people about the Dependency Proxy," which is meant for proxying and caching images from Docker Hub. Unfortunately, the Dependency Proxy has several limitations that will prevent you from relying on it to solve this rate-limiting issue. However, we arrived at a key question during the evaluation process: "Should proxying and caching images from Docker Hub be an open source feature?" The short answer is yes. At GitLab, to determine what is open source and what is not, we ask ourselves: Who cares the most about the feature? Pulling images from Docker Hub is done every day by all types of developers. By supporting proxying and caching i...

Future-proof your developer career

This is the fourth and final part of our series on the future of software development. Part one examined how the software developer role is changing. Part two highlighted “future” technologies likely to impact the way software is created. Part three looked at the role artificial intelligence (AI) will play in software development. Changing roles, emerging technologies, and the promise (or threat) of artificial intelligence are colliding, creating a critical question for software developers: how should you future-proof your career? Anyone in the technology industry knows change is both swift and expected – remember Moore’s Law? But there’s change and then there’s a “big C” Change that would impact skills and potentially careers. The World Economic Forum, writing on the Pluralsight blog, shared a worrisome observation about the future: “Across nearly all industries, the impact of technological and other changes is shortening the shelf-life of employees’ existing skill sets…” So...

How we work to detect and mitigate Spam on GitLab.com and beyond

We know spam can be a big problem. Beyond being annoying, abusive behavior affects workflows and performance and puts a strain on rate limits and brand reputation. We’re here to help. Our security team works around the clock to actively detect and mitigate spam for GitLab.com users, and our product utilizes filters, captcha and user-defined configuration to help self-hosted instances prevent and mitigate spam and abuse. But there’s always more that can be done. Below, we detail the work we do to protect .com users, offer up tips and best practices for self-hosted users, and talk about some new automation and tooling we’re exploring that will help all users prevent spam.

How we work to detect and mitigate spam on GitLab.com
Our Trust and Safety team works to investigate and protect against the malicious use of GitLab.com and its associated features and tools, with the goal of making our product safer for our customer...

How Kamil created the DevOps Platform category from Poland

Just recently, Gartner recognized DevOps Value Stream Delivery Platforms as an emerging category in the software marketplace by publishing the new Market Guide for DevOps Value Stream Delivery Platforms (what we're calling a DevOps Platform). The Gartner report may not include the name "Kamil Trzciński," but I want to recognize his contributions to this DevOps Platform category. If it weren't for his idea, we wouldn't have launched GitLab as an all-in-one, single DevOps application. It's a product that changed how engineers build software. It all started in 2015 with a GitLab runner that was built by one of the contributors from the wider community, Kamil Trzciński, who is now a distinguished engineer, Ops and Enablement, at GitLab. He wrote a runner that was faster, easier to run in parallel, easier to install, and easier to contribute to. We liked his runner so much that we deprecated ours to use his, and asked him to join our engineering team. At that ...

How AI will change software development

This is the third in our four-part series on the future of software development. Part one examines the changing developer role and part two takes a deep dive into emerging technologies with the potential to impact development. Artificial intelligence has often been dismissed as a promising technology breakthrough that somehow remains out of reach, particularly when it comes to software development. The role of AI in software development has been written about for years, and not much of substance has come of it. But the stars may be aligning now. Developers are intrigued, and we can see that by looking at the growing popularity of the Python programming language. Stack Overflow’s annual survey shows Python’s rise in "popularity" and "interest" based on the number of questions members asked about it. It’s certainly the go-to language for ML-powered chat bots. And in our 2020 Global DevSecOps Survey, close to one-quarter of developers surveyed said that an under...

How we optimized infrastructure spend at GitLab

Infrastructure spend optimization is a hot topic these days as many established companies are migrating workloads to the cloud. Similarly, fast-growing startups are struggling to control their operating costs as they expand their cloud footprint to meet user demand. At GitLab we have taken a methodical and data-driven approach to the problem so we can reduce our cloud spend and control our operating costs, while still creating great features for our customers. We designed a five-stage framework which emphasizes building awareness of our infrastructure spend to the point where any change in costs is well understood and no longer a surprise. Our framework is very similar to a normal data maturity framework (shown below) that would progress through descriptive, predictive, and finally prescriptive analytics, but we tailor it specifically for this domain. I'll explain each stage and what it looks like at GitLab so you can see how you might apply it to your own organization. A norma...

Switching “sides” in security

The beginning of this month marked my first year working at GitLab. Before joining the GitLab team, I'd been doing security consulting and penetration testing for my entire career. I didn’t change jobs much until last year … actually I haven't at all. I'd been happily hacking all the things over at Recurity Labs since 2007. I would like to use my first anniversary here at GitLab to compare both sides, namely penetration testing and security consulting versus the product security side of security. Nowadays, I’m working on the Security Research team here at GitLab. A lot of my work is closely interwoven with the Application Security team: reviewing features and merge requests, and responding to pings asking for security advice. It appears a bit like in-house security consulting, but in reality the work is much broader in general, and I’ll outline the main differences here in this post.

Distractions
I was a bit baffled whe...

Fuzzit - GitLab journey

Fuzzit Story
Fuzzit was started in early 2019 by myself as a spin-off project from my consulting company. The consulting revenue gave me the opportunity to dedicate time and explore the fuzzing-as-a-service idea a bit more without taking VC money too early and becoming “locked-in”. After about 6 months, Fuzzit started gaining traction and becoming a leader in the open-source community, being the first commercial product to offer languages such as Go and Rust, at a time when OSS-Fuzz only supported C/C++ and wasn’t available for all OSS projects. After about 8 months, once the product had matured thanks to input from the open-source users, we went exploring the enterprise market more deeply. We developed that in 3 main directions: enterprise client interviews and PoCs; partnerships with various CI providers to expand the reach; and enterprise-focused VCs. In that process we were lucky to meet with GitLab, where after a few ca...

GitLab Patch Release: 13.3.8

Today we are releasing version 13.3.8 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in August's 13.3 release.

GitLab Community Edition and Enterprise Edition
Update object_storage.md to fix the object store connection using iam
Make SSH keys publicly accessible
Add missing fa- icons for file_type_icon_class
Handle 500 error for GraphQL "configureSast" mutation
Use our mirror of Helm stable repo
Geo: Fix documentation typo
Geo: Fix "Project/wiki/design repo not able to resync after storage move"

Important notes on upgrading
This version does not include any new migrations, and for multi-node deployments, should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updat...

How to secure your Kubernetes pods using GitLab Container Network Security

Kubernetes does not come secure out of the box. There is a lot of configuration needed to achieve a secure cluster. One important security configuration to consider is how pods communicate with each other. This is where Network Policies come into play, making sure that your pods are not exchanging data with unknown or malicious sources, which can compromise your cluster. Network Policies are rules on how pods can communicate with other pods as well as endpoints. They are pretty much a firewall for your internal cluster network. GitLab provides Container Network Security using Cilium as a GitLab-managed application. Cilium is a CNI network plugin for Kubernetes that can be used to implement support for Network Policies. The video below provides an introduction on how to easily implement Network Policies from GitLab, as well as a demo on testing Network Policies:

Network Policies in action
There are many different ways of configuring Network Policies within your Kubernetes clus...

GitLab Patch Release: 13.5.1

Today we are releasing version 13.5.1 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in this month's 13.5 release.

GitLab Community Edition and Enterprise Edition
Add docs on the inclusion of LFS files in archives
Update GitLab Shell to v13.11.0
Revert clickable links on logs
Resolve "QA tests failing after group was explicitly set for repositories_storages"

Important notes on upgrading
This version does not include any new migrations, and for multi-node deployments, should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates.

Updating
To update, check out our update page.

GitLab subscriptions
Access to GitLab Starter, Premium, and Ultimate features is granted by a pa...

How open source contributions accelerate GitLab Secure

When you think about security you probably imagine locks, gates, and closed systems. This is the more traditional approach to security, but modern security is much more open and collaborative. If you want to build the most secure systems, there is nothing better than building those systems in the open. Open security practices allow you to get fast feedback from a broad audience with diverse perspectives, helping you build better, more holistic solutions. That's our approach to building GitLab Secure at GitLab. We're leveraging amazing open source security projects and the collective contribution of the wider community, and providing an open integration system for anyone to build on top of GitLab security scanners.

Shifting left
Traditional security approaches are opaque and late in the development life cycle. Security scans are performed by isolated security experts long after developers write code, often after it's deployed to production. GitLab aims to make security an inte...

GitLab 13.5 released with Mobile App Sec, Group Wikis, and more!

One of GitLab’s core values is collaboration, and it's a key part of DevOps. This month we have several features aimed at collaboration among your team, across your tools, and with your peers as part of the 60 improvements packed into this release.

Mobile application security scanning
Community contributions are one of the best kinds of collaboration! One of our customers embraced our security scanning capabilities to shift left and empower developers to find and fix security flaws, yet they also wanted the same abilities for iOS and Android mobile applications. Using our integration guidance, they brought MobSF into the merge request pipeline and the security dashboards alongside SAST and all the other GitLab security scan results. For their contribution, Brian Williams and the H-E-B Digital team are this month’s MVP. This new Mobile SAST language coverage, combined with our existing fuzz testing for Swift and Java projects, now offers a valuable security testing solutio...