Posts

Showing posts from September, 2021

Want faster releases? Your answer lies in automated software testing

For three years in a row, our Global DevSecOps Survey found testing was the number one reason (by large margins) for release delays. A lack of automated software testing, combined with too many manual tests conducted too late in the process, was a story told time after time, and it certainly was one without any kind of happy ending. Despite the undeniable progress DevOps has brought to software development, integrating automated software testing into the lifecycle has remained an elusive goal for many teams. Here’s a look at why testing is such a difficult step to get right, and how an integrated DevOps Platform can bring much-needed structure to the process. The state of automated software testing: According to our 2021 Survey, it’s safe to say respondents are frustrated with software testing. “Testing can be slow in both writing and running.” “Testing delays everything.” While there is forward momentum (almost 25% of teams say they’re fully automated - more than double the num...

GitLab Security Release: 14.3.1, 14.2.5, and 14.1.7

Today we are releasing versions 14.3.1, 14.2.5, and 14.1.7 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab releases patches for vulnerabilities in dedicated security releases. There are two types of security releases: a monthly, scheduled security release, released a week after the feature release (which deploys on the 22nd of each month), and ad-hoc security releases for critical vulnerabilities. For more information, you can visit our security FAQ. You can see all of our regular and security release blog posts here. In addition, the issues detailing each vulnerability are made public on our issue tracker 30 days after the release in which they were patched. We are dedicated to ensuring all aspects of GitLab that are exposed to customers or that host customer data are held to the highest security standard...

GitLab user profiles have just become more personal

The GitLab user profile contains information about you and your GitLab activity. You can select what information to display. We recently added a few new settings to make your user profile more personal: user pronouns, user pronunciation guides, and user local times. User pronouns: You can now add pronouns to your GitLab user profile. The pronoun appears next to your user name in your public profile, and on the snapshot view of your user profile when someone hovers over your name on an issue or merge request. Besides being more inclusive, GitLab wants to help you use the correct pronouns when replying to comments to respect people's identity. You can decide whether or not to add pronouns to your profile, and self-identify by entering whatever pronouns you want, without having to select from a pre-defined list. Read more about adding pronouns to your profile. User pronunciation: You can now add a pronunciation guide to your user profile. In distributed teams where team members ar...

Why we spent the last month eliminating PostgreSQL subtransactions

Since last June, we noticed the database on GitLab.com would mysteriously stall for minutes, which would lead to users seeing 500 errors during this time. Through a painstaking investigation over several weeks, we finally uncovered the cause of this: initiating a subtransaction via the SAVEPOINT SQL query while a long transaction is in progress can wreak havoc on database replicas. Thus launched a race, which we recently completed, to eliminate all SAVEPOINT queries from our code. Here's what happened, how we discovered the problem, and what we did to fix it. The symptoms begin: On June 24th, we noticed that our CI/CD runners service reported a high error rate. A quick investigation revealed that database queries used to retrieve CI/CD builds data were timing out and that the unprocessed builds backlog grew at a high rate. Our monitoring also showed that some of the SQL queries were waiting for PostgreSQL lightweight locks (LWLocks). In the following weeks we had experi...

SemVer versioning: how we handled it with linear interval arithmetic

The semantic versioning (SemVer) specification can be considered the de-facto standard for tracking software states during its evolution. Unfortunately, in reality many languages/ecosystems practice "SemVer versioning" and have not adopted the standard as-is; instead we can find many different semantic versioning flavors that are not necessarily compatible with the original SemVer spec. SemVer versioning has led to the creation of a variety of different semantic versioning schemes. GitLab provides a Dependency Scanning (DS) feature that automatically detects vulnerabilities in the dependencies of a software project for a variety of different languages. DS relies on the GitLab security advisory database, which is updated on a daily basis and provides information about vulnerable packages expressed in the package-specific (native) semantic version dialect. GitLab also recently launched a free and open-source GitLab community security advisory database. At GitLab we use...