Posts

Showing posts from September, 2022

GitLab Security Release: 15.4.1, 15.3.4, and 15.2.5

Today we are releasing versions 15.4.1, 15.3.4, and 15.2.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab releases patches for vulnerabilities in dedicated security releases. There are two types of security releases: a monthly, scheduled security release, released a week after the feature release (which deploys on the 22nd of each month), and ad-hoc security releases for critical vulnerabilities. For more information, you can visit our security FAQ. You can see all of our regular and security release blog posts here. In addition, the issues detailing each vulnerability are made public on our issue tracker 30 days after the release in which they were patched. We are dedicated to ensuring all aspects of GitLab that are exposed to customers or that host cust...

GitLab and Let's Encrypt partner to improve website security

Let's Encrypt, a free, automated, and open certificate authority, is integrated with GitLab to help DevOps teams encrypt web traffic and protect the confidentiality of information their users share with websites. This article explains, step by step, how to add a Let's Encrypt Transport Layer Security (TLS) certificate to a website hosted and managed via GitLab Pages. What is TLS? TLS is a protocol designed to make the internet more secure. Now more than two decades old, TLS, which evolved from Secure Sockets Layer (SSL), helps ensure that when users connect to websites — and transmit potentially sensitive data to and from those websites — they are doing so over a secure connection. It's an important protocol because internet connections aren't necessarily secure by default. Malicious actors can intervene in the internet connection made to retrieve web pages, and then they can view or even manipulate the data traveling through that connection. To minimize the chan...

What are the benefits of a microservices architecture?

Microservices architecture offers numerous benefits for development teams and the business overall. Let’s look at the advantages and disadvantages of microservices. Scalability improvements Since each microservice runs independently, it is easier to add, remove, update or scale each cloud microservice. Developers can perform these tasks without disrupting any other microservice in the system. Companies can scale each microservice as needed. For instance, if a particular microservice experiences increased demand because of seasonal buying periods, more resources can be efficiently devoted to it. If demand drops as the season changes, the microservice can be scaled back, allowing resources or computing power to be used in other areas. Improved fault isolation Under a monolithic architecture, a failure in one element of the application can bring down every component of it. With a microservices architecture, if one service fails, it’s much le...

Mobile DevOps with GitLab, Part 2 - Code signing for Android with GitLab

In Part 1 of this tutorial series, we talked about a new feature in GitLab called Project-level Secure Files. With Project-level Secure Files, you can securely store your build keys as part of your project in GitLab, and avoid some painful problems caused by lost keystore files. In this blog post, I'll show you how to create a Keystore file and use it to sign an Android application. Then I'll show you how to quickly create a CI pipeline in GitLab using Project-level Secure Files. Generate a private signing key The first thing you'll need is a Keystore file. This file is used to securely sign the application. You can generate a Keystore file from your machine by running the following command: `keytool -genkey -v -keystore release-keystore.jks -alias release -keyalg RSA -keysize 2048 -validity 10000` During this process, you'll be asked to create a new password for the Keystore file and provide some information about you and your organization. See the example belo...

A Google Summer of Code project: creating a benchmarking framework for SAST

In summer 2022, the Vulnerability Research team at GitLab launched the Google Summer of Code (GSoC) project: A benchmarking framework for SAST. The goal of the project was to create a benchmarking framework, which would assess the impact and quality of a security analyzer or configuration change before it reaches the production environment. Preliminaries GitLab SAST As a complete DevOps Platform, GitLab has a variety of integrated static analysis (SAST) tools for different languages and frameworks. These tools help developers find vulnerabilities as early as possible in the software development lifecycle. These tools are constantly being updated, either by upgrading the underlying security analyzers or by applying configuration changes. Since all the integrated SAST tools are very different in terms of implementation, and depend on different tech stacks, they are all wrapped in Docker images. The wrappers translate tool-native vulnerability reports to a generic, common report ...

Two DevOps platform superpowers: Visibility and actionability

A DevOps platform deployed as a single application takes DevOps gains to the next level, enabling teams to deliver more value to their organization with fewer headaches. A platform, which includes the ability to plan, develop, test, secure, and operate software, empowers teams to deliver software faster, more efficiently, and more securely. And that makes the business more competitive and more agile. A complete DevOps platform gives organizations everything they need to turn ideas into valuable and secure software without the time-consuming and costly headaches that multiple tools and multiple UXes bring. A single, end-to-end platform also gives teams one data store sitting underneath everything they do, and, regardless of the interface they are using, allows them to easily surface insights about developer productivity, workflow efficiency, and DevOps practice adoption. There are many benefits to a DevOps platform, including visibility and actionability. Gain visibility and contex...

GitLab 15.4 released with Suggested Reviewers and better VS Code CI/CD experience

Today, we are excited to announce the release of GitLab 15.4 with GitLab's first machine learning powered feature: Suggested Reviewers open beta, improved CI/CD integration in VS Code, Pages Pipeline Wizard, email validation bypass for verified domains and much more! These are just a few highlights from the 60+ improvements in this release. Read on to check out all of the great updates below. We thank the wider GitLab community for the 186 contributions they provided to GitLab 15.4! At GitLab, everyone can contribute and we couldn't have done it without you! To preview what's coming in next month’s release, check out our Upcoming Releases page, which includes our 15.5 release kickoff video. This month's Most Valuable Person (MVP) is Lennard Sprong. This month we are pleased to recognize Lennard Sprong as our MVP for all his contributions! With 7 MRs merged in the 15.4 release, Lennard added multiple significant features to GitLab’s VS Code extension. Be...