Posts

Showing posts from November, 2022

GitLab Security Release: 15.6.1, 15.5.5 and 15.4.6

Today we are releasing versions 15.6.1, 15.5.5 and 15.4.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab releases patches for vulnerabilities in dedicated security releases. There are two types of security releases: a monthly, scheduled security release, released a week after the feature release (which deploys on the 22nd of each month), and ad-hoc security releases for critical vulnerabilities. For more information, you can visit our security FAQ. You can see all of our regular and security release blog posts here. In addition, the issues detailing each vulnerability are made public on our issue tracker 30 days after the release in which they were patched. We are dedicated to ensuring all aspects of GitLab that are exposed to customers or that host custo...

Achieve SLSA Level 2 compliance with GitLab

Organizations are under intense pressure from governing bodies to attest to the fact that their software supply chains have not been tampered with. The industry has come together to create an industry standard, Supply chain Levels for Software Artifacts (SLSA), to guide companies on exactly how to achieve such attestation. GitLab helps organizations comply with SLSA requirements by incorporating attestation capabilities into its DevSecOps platform. “Although SLSA compliance is relatively new, security-conscious DevOps teams are already adopting its requirements to demonstrate their software is trustworthy,” says Sam White, Group Manager of Product for the Govern stage at GitLab. GitLab Federal CTO Joel Krooswyk agrees. “DevOps teams will need to understand attestation as part of new government regulations around the larger release verification process. Vendors, third-party development and integration providers, and other data-sensitive industries will be required to adhere to pu...

Introducing GitLab Dedicated, our new single-tenant SaaS offering

Today, we are excited to officially announce the limited availability of GitLab Dedicated, a new way to use our enterprise DevSecOps platform as a single-tenant SaaS offering. This new offering provides all of the benefits of an enterprise DevSecOps platform, with an added focus on data residency, isolation, and private networking to meet compliance needs. Navigating compliance complexities: At GitLab, we serve a wide variety of customers — from small start-ups and community organizations to the largest global enterprises — and we know that no single deployment model will serve the needs of all of our customers. GitLab customers have told us they need a SaaS offering that provides additional deployment control and data residency to meet stringent compliance requirements. We see this need with large enterprises and companies in regulated industries that are coming under increased scrutiny, facing global internet policy fragmentation, and are dealing with the expanding complexity ...

How we diagnosed and resolved Redis latency spikes with BPF and other tools

If you enjoy performance engineering and peeling back abstraction layers to ask underlying subsystems to explain themselves, this article’s for you. The context is a chronic Redis latency problem, and you are about to tour a practical example of using BPF and profiling tools in concert with standard metrics to reveal unintuitive behaviors of a complex system. Beyond the tools and techniques, we also use an iterative hypothesis-testing approach to compose a behavior model of the system dynamics. This model tells us what factors influence the problem's severity and triggering conditions. Ultimately, we find the root cause, and its remedy is delightfully boring and effective. We uncover a three-phase cycle involving two distinct saturation points and a simple fix to break that cycle. Along the way, we inspect aspects of the system’s behavior using stack sampling profiles, heat maps and flamegraphs, experimental tuning, source and binary analysis, instruction-level BPF instrumentatio...

GitLab 15.6 released with improvements to security policies, CI/CD variables, and DAST API

Today, we are excited to announce the release of GitLab 15.6 with Git abuse rate limiting, support for special characters in CI/CD variables, group and subgroup-level scan result policies, DAST API analyzer for on-demand DAST API scans and much more! These are just a few highlights from the 30+ improvements in this release. Read on to check out all of the great updates below. We thank the wider GitLab community for the 200+ contributions they provided to GitLab 15.6! At GitLab, everyone can contribute and we couldn't have done it without you! To preview what's coming in next month’s release, check out our Upcoming Releases page, which includes our 15.7 release kickoff video. This month's Most Valuable Person (MVP) is Deja Norby. Deja contributed 9 different merge requests across multiple stages including Create, Secure, and Fulfillment. She resolved many linter issues helping GitLab continue to iterate. We are thankful for Deja’s contributions and it soun...