Posts

Showing posts from May, 2021

A deep dive into how we investigate and secure GitLab packages

Recent high-profile supply chain and dependency confusion attacks have been a cross-industry wake-up call on the breadth and depth of impact these value-chain or third-party attacks can have on customers, business operations, and brand reputation. Security teams know supply chain attacks aren't new – they've been around for decades. But what may once have been considered mainly nation-state threats have now increased in prevalence and sophistication. Malicious actors are now setting their sights on widely used technology like software applications and code repositories to compromise unsuspecting suppliers. So how do we protect our customers and product? We're doing deep dives and making improvements across our product, processes, and practices, as well as the controls we have in place for our partner and third-party vendor ecosystem, to fortify the security of our supply chain. This blog post details our early steps to ensure packages and registries operate the way we expect ...

GitLab Patch Release: 13.12.1

Today we are releasing version 13.12.1 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in this month's 13.12 release and prior versions.

GitLab Community Edition and Enterprise Edition: Add deprecation notice for implicit grant flow; Fix pipeline security tab scanner filter not working; Fix the Create new cluster feature; Handle nil Content-Type in Service Desk emails.

Important notes on upgrading: This version does not include any new migrations, and for multi-node deployments, should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates.

Updating: To update, check out our update page.

GitLab subscriptions: Access to GitLab Premium and Ultimate features is granted by a paid subscription...

How to use GitLab with OCI ARM-based compute instances

ARM-based processors have gained popularity due to their energy-saving capabilities and performance, as shown in the recent adoptions by Apple. Previously a mainstay for mobile, edge, or small devices, ARM-based chips are now used for almost all types of systems, including servers. This surge in the use of ARM-based systems means development toolchains have to support building for the ARM architecture reliably and efficiently. It is here where the GitLab Runner shines, allowing users to run CI/CD jobs on ARM servers. Coupling the GitLab Runner with the Oracle Cloud Infrastructure (OCI) offerings of ARM-based compute instances lets development teams have best-in-class CI/CD infrastructure to target both ARM and x86 architectures. The recommended method of installing GitLab is using the automated deployment options for OCI by clicking the "Deploy to Oracle Cloud" button, which takes advantage of fully tested scripts for single-click deployment through the OCI console. If...

GitLab and Jira integration: the final steps

This is the third in our three-part series on GitLab and Jira integrations. Part one explained how to integrate GitLab.com with Jira Cloud. Part two walked through a detailed explanation of integrating GitLab self-managed with Jira. After the integration is set up on GitLab and Jira, you can: Refer to any Jira issue by its ID in GitLab branch names, commit messages, and merge request titles. Using commit messages in GitLab, you can move Jira issues through that Jira project's defined transitions. Here you can see that this Jira issue has Backlog, Selected for Development, In Progress and Done. (Issue View in Jira) As referenced in the base GitLab-Jira integration, when you comment in a merge request or commit referencing an issue, e.g., PROJECT-7, GitLab will add a comment to the Jira issue in the format. In addition, by commenting with a Jira transition (putting a “#” first), you initiate the movement of the Jira issue to the desired transition. Below is using the bu...

GitLab 13.12 released with On-Demand DAST and Deployment Frequency Chart

This month, we are excited to introduce usability and pipeline management improvements that strive to make your teams more productive, updates to make your deployments more secure, and insights to make your DevOps adoption more mature. These are just a few highlights from the 44 improvements in this release. Helping you manage security before it manages you: To ensure your production environment is always secure, On-demand DAST scanning is now generally available for all GitLab Ultimate customers. These on-demand scans allow you to scan an already deployed application or API in any of your configured environments outside of a CI/CD pipeline, i.e., without requiring any code changes or merge requests to start a scan. The Semgrep SAST analyzer for JavaScript, TypeScript, and Python is also generally available. Semgrep's flexible rule syntax is ideal for streamlining the GitLab Custom Rulesets feature for extending and modifying detection rules, a popular request from GitLab ...