Posts

Showing posts from July, 2022

GitLab Security Release: 15.2.1, 15.1.4, and 15.0.5

Today we are releasing versions 15.2.1, 15.1.4, and 15.0.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab releases patches for vulnerabilities in dedicated security releases. There are two types of security releases: a monthly, scheduled security release, released a week after the feature release (which deploys on the 22nd of each month), and ad-hoc security releases for critical vulnerabilities. For more information, you can visit our security FAQ. You can see all of our regular and security release blog posts here. In addition, the issues detailing each vulnerability are made public on our issue tracker 30 days after the release in which they were patched. We are dedicated to ensuring all aspects of GitLab that are exposed to customers or that host cust...

What we learned during an internal Hackathon Week

To inspire the Verify Stage product and engineering teams to solve new problems, we conducted a "Hackathon Week" in July 2022. Prior to the Hackathon, the team spent time brainstorming ideas to solve and enhancements to make. We then collaborated to make those ideas better. For projects with a critical mass of people who wanted to work on them, an engineer took the lead in organizing the work, making sure there was a design (where needed) and doing other unblocking to deliver an outcome. The team also focused on deleting some dead code in the code base to make future development easier. We even offered a prize for the most code/files deleted. Several themes emerged as the team brainstormed, which resulted in some greatly improved Proof of Concepts (POCs) or new features shipped in the product. Searching job logs is hard At GitLab we use the product to build new features, and we have a very rich build pipeline but not a perfect one. Because of this the team knows how hard i...

How to create a hub of GitLab CI/CD jobs with R2Devops

CI/CD has changed our development processes, but it hasn’t simplified them in every aspect. The amount of knowledge necessary to implement and maintain your first CI/CD pipelines is huge, and the time you need to invest in it is consequential. Partnering with GitLab, R2Devops aims to simplify CI/CD onboarding by creating a hub of CI/CD jobs. In this blog post I'll show you how to use R2DevOps with GitLab to add jobs to an open source hub. A collaborative hub of open source jobs Collaboration is core to our development processes. On a daily basis, we use open source software and code and ask our teammates for review. Working together to achieve common goals helps us to develop better products and improve continuously. With R2Devops, you’ll find a collaborative library of open source CI/CD jobs. You can save a lot of time by using jobs from an open source library. You won’t have to write your pipeline from scratch for every new project, and you can focus on what you like doing, w...

Want to start hacking? Here's how to quickly dive in

Johan Carlsson started part-time hacking in May 2021 and is already number 7 on our HackerOne Top 10 list. How did he get there in such a short time, while juggling a full-time web development job, as well as being a husband and father? Read on to learn about his unique approach, which is a great roadmap for anyone wanting to start – or improve – their hacking game. But first, a bit about Johan Carlsson (@joaxcar): Johan lives in Gothenburg, Sweden, with his wife and their three kids. He has bachelor’s degrees in computer science and fine arts. In his after hours, when the kids are asleep, he looks for bugs in GitLab from the comfort of his sofa. He stumbled into IT security and bug bounties through a course in ethical hacking during his last semester at university. A year ago, he didn’t know what XSS, CSRF, RCE or any of that fancy jargon was, and he considers himself far from a professional hacker. He says he is learning as he goes. When not at the computer, he spends time with...

5 UX problems you can help us fix right now

We’ve all been there. You’re sailing along, being productive, and wham! Something inexplicably awful disrupts your workflow. You ask yourself, “How could anyone think this was a good idea?” Maybe it’s a bug, slow performance, or bad design. One of the reasons we conduct user experience research at GitLab is to find these problems and report back to our teams so they can fix them. We've all been there With a product as rich and complex as GitLab, we find a lot of problems. So many, in fact, we often can't fix them as fast as you find them. (Although we do try!) The great thing about GitLab is that everyone can contribute. This is the first in a new series of blog posts where the UX researchers at GitLab transform their findings into some great first contributions that community members can explore. We recently spent 2 hours each with 20 people who use GitLab, going through specific tasks related to branch and merge request operations, and, predictably, we found plenty...

GitLab 15.2 released with live wiki diagram previews and redesigned merge request reports

Today, we are excited to announce the release of GitLab 15.2 with Live preview diagrams in the wiki WYSIWYG editor, Incident timelines, Group and subgroup scan execution policies, Change failure rate chart for visualizing software stability, and much more! These are just a few highlights from the 40+ improvements in this release. Read on to check out all of the great updates below. To preview what's coming in next month’s release, check out our Upcoming Releases page, which includes our 15.3 release kickoff video. This month's Most Valuable Person (MVP) is kyrie.31415926535 This month we are thrilled to recognize someone nominated in 15.1 for their contributions to improving the security of all GitLab users! kyrie.31415926535 contributed changes that prevent users from adding weak SSH keys. The best place to stop a security problem is before it starts. This change serves as an additional safeguard to protect GitLab accounts from compromise. Thank you so much ...