Posts

Showing posts from March, 2022

GitLab Critical Security Release: 14.9.2, 14.8.5, and 14.7.7

Today we are releasing versions 14.9.2, 14.8.5, and 14.7.7 for GitLab Community Edition (CE) and Enterprise Edition (EE). Please note, this critical release will also serve as our monthly security release for March. We strongly recommend that all GitLab installations be upgraded to one of these versions immediately. These versions contain important security fixes. GitLab.com is already running the patched version. GitLab releases patches for vulnerabilities in dedicated security releases. There are two types of security releases: a monthly, scheduled security release, released a week after the feature release (which deploys on the 22nd of each month), and ad-hoc security releases for critical vulnerabilities. For more information, you can visit our security FAQ. You can see all of our regular and security release blog posts here. In addition, the issues detailing each vulnerability are made public on our issue tracker 30 days after the release in which they were patched. We are ...

Kontra and GitLab integrate vulnerability education into the DevOps workflow

Interactive training labs are now available within the GitLab DevOps platform from Kontra Application Security, a ThriveDX company. This integration allows GitLab users to access Kontra’s interactive security training modules from the familiar Merge Request (MR) and pipeline experiences to quickly learn about and fix vulnerabilities reported through automated security scans. Kontra’s content is also available in GitLab’s vulnerability management features, providing the same easy access to training on vulnerabilities identified from these same security scans, as well as other sources such as penetration tests or bug bounty programs. By putting interactivity into our learning simulations, we put the developer first, helping them to understand the risk and impact of a vulnerability from an attacker's perspective.

The benefits of interactive developer security education

As enterprise developers become increasingly responsible for the security and integrity of their applications, the...

GitOps with GitLab: Turn a GitLab agent for Kubernetes installation to manage itself

It is possible to use GitLab as a best-in-class GitOps tool, and we are going to show you how. This is the eighth installment in a series of easy-to-follow tutorials. The posts focus on different user problems, including provisioning, managing a base infrastructure, and deploying various third-party or custom applications on top of them. Read the previous posts:

Here's how to do GitOps with GitLab
Infrastructure provisioning with GitLab and Terraform
Connect with a Kubernetes cluster
How to tackle secrets management
The CI/CD Tunnel
Auto DevOps
GitOps-style application delivery

In this article, we will build upon the first few articles, and will turn a GitLab agent for Kubernetes installation to manage itself. This is highly recommended for production usage as it puts your agentk deployment under your GitOps project, and enables flawless and simple upgrades.

Prerequisites

This article builds on a few previous articles from this series and makes the following assumptio...

Comply with NIST's secure supply chain framework with GitLab

The U.S. government, in March, released an update to its framework to secure agencies’ software supply chains, which are under increasing risk of attack. The National Institute of Standards and Technology (NIST) unveiled the Secure Software Development Framework (SSDF) 1.1, which calls for tighter controls throughout the software development lifecycle and describes a set of best practices for organizations – and their third-party suppliers – to follow. The SSDF focuses on how organizations can protect software supply chains, regardless of technology, platform, programming language, or operating environment, in large part by introducing security early in the DevOps process. There are four key requirements:

prepare the organization
protect software (all components of the software should be safe from tampering and unauthorized access)
produce well-secured software (with minimal security vulnerabilities in its releases)
respond to vulnerabilities

“The goal of the SSDF, in...

How to get integrated secure coding advice in GitLab

Busy developers want to write secure code and fix any issues. But they often lack the time and resources to get it done efficiently. To resolve vulnerabilities faster, developers need actionable advice from trusted sources of secure coding right inside the tools they use every day. Secure Code Warrior is proud to partner with GitLab to enable developers to ship safe code faster, utilizing actionable and highly relevant secure coding guidance that is accessible from within GitLab’s DevOps Platform. This integration was announced as part of GitLab’s 14.9 release.

Empower developers with actionable guidance integrated inside GitLab

GitLab is enabling developer-led security by getting scan results into the hands of those who can make fixes fast. Secure Code Warrior further strengthens this vision by bringing to GitLab some of the world’s largest secure coding and remediation content (6500+ interactive coding challenges, 56+ languages:frameworks, 150+ vulnerability categories) that is...

GitLab Patch Release: 14.7.6

Today we are releasing version 14.7.6 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in this month's 14.7 release and prior versions.

GitLab Community Edition and Enterprise Edition

Detect and fix artifacts with backfilled expire_at
Enable feature flags to resume artifact removal on self-managed
Update OpenSSL to v1.1.1n

Important notes on upgrading

This version does not include any new migrations, and for multi-node deployments, should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates.

Updating

To update, check out our update page.

GitLab subscriptions

Access to GitLab Premium and Ultimate features is granted by a paid subscription. Alternatively, sign up for GitLab.com ...

Upcoming changes to user limits on Free tier of GitLab SaaS

What you need to know:

The Free tier of GitLab SaaS will have a limit of 5 users per namespace beginning June 22, 2022
This change does not apply to our other plans: Paid SaaS subscriptions, Free and paid self-managed subscriptions, and Community programs, including GitLab for Education, GitLab for Startups, and GitLab for Open Source

We continue to look for ways to make DevOps a reality for teams and organizations of all sizes. For users to get started with DevOps, learn GitLab, and develop personal and small projects from idea to production with minimal or no investment, GitLab offers the Free tier. For larger projects with many users or requiring support, GitLab offers Premium and Ultimate paid tiers. For open source projects, startups, and educational usage, GitLab offers a set of community programs tailored to each specific use case. We are also always exploring ways to become more efficient as a company. To ensure we can continue to offer the Free tier to small teams,...

How GitLab's integration with Rezilion reduces vulnerability backlog and identifies exploitable risks

Rezilion and GitLab are partnering on an integration that will help resolve the longstanding tension between developers and security teams in organizations around the world. DevOps wants to write code and push new products to innovate and stay competitive. Security teams want to ensure applications are secure and unexploitable so that their organizations stay safe. These two desires often collide as DevOps wants to keep moving and security is seen as a bottleneck to their progress. To help developers detect and remediate vulnerabilities early on in the development process and release products quickly and securely, Rezilion’s DevSecOps technology is now natively integrated with GitLab CI. Some of the key benefits of this integration are the ability to:

Reduce vulnerability backlog by up to 70% and reduce patching efforts by identifying unexploitable vulnerabilities so that developers can fix what matters most and not waste time.
Prioritize what matters most in your environm...

GitLab Patch Release: 14.9.1

Today we are releasing version 14.9.1 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in this month's 14.9 release and prior versions.

GitLab Community Edition and Enterprise Edition

Fix backups not working when feature_flags table does not exist
Add deprecation notices that missed the 14.9.0 release tag
Alias user_email_lookup_limit to search_rate_limit
Reverts '353995-feature-flag-enable-geo_job_artifact_replication'
Geo Upgrade warning for 14.9

Important notes on upgrading

This version does not include any new migrations, and for multi-node deployments, should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates.

Updating

To update, check out our update page.

GitLab ...

Action we've taken in response to a potential Okta breach

The GitLab Security team is investigating and monitoring the situation surrounding a possible breach on the Okta platform to determine if there are any potential security issues that could have impacted GitLab or our users. At this time, no malicious activity, exploitation, or indicators of compromise have been identified on GitLab.com.

How GitLab uses Okta

GitLab uses Okta as a single-sign-on solution for access to various SaaS applications.

Actions we have taken

We’ve examined our logs, including our Okta logs to verify there has been no malicious activity. We’ve been in contact with Okta and our industry peers to fully understand Okta’s potential breach and the potential impact to GitLab. We’ve developed multiple contingency plans to thwart any potential attack scenarios and help protect GitLab and our users. Out of an abundance of caution we are evaluating additional widespread safeguard measures to further protect our team members’ sensitive credentials.

Actions recomm...

GitLab 14.9 released with epic to epic linking and integrated security training

Today, we are excited to announce the release of GitLab 14.9 with epic to epic linking, integrated security training, a new Environments page design, rule mode for scan result policies and much more! These are just a few highlights from the 40+ improvements in this release. Read on to check out all of the great updates below. To preview what's coming in next month’s release, check out our Upcoming Releases page, which includes our 14.10 release kickoff video.

Join us for an upcoming event

This month's Most Valuable Person (MVP) is Timo Furrer

Timo became a maintainer of the Terraform provider for GitLab in February 2022. The Terraform provider allows an automated and codified management of GitLab users, groups and projects built on top of the GitLab APIs. Since he joined the team, he has been active in every part of the project and the community. In only the past month, he was the assignee on 24 merged pull requests in the Terraform provider project and he d...