Posts

Showing posts from January, 2023

The future of DevOps education needs to include security

By Pj Metz. Over the past year, I’ve done more than 20 free virtual presentations on DevOps at the request of universities around the world. Recently, a few educators have asked me for another offering: A presentation on DevSecOps. DevSecOps is the inclusion of security as an integral part of traditional DevOps development, a strategy known as shifting left. With DevSecOps, myriad security scans, including dynamic application security testing and static application security testing, and other security tasks are performed during the development process rather than waiting until later in the cycle. DevSecOps enables organizations to identify and mitigate vulnerabilities early to ensure safer software and avoid delivery delays. As DevOps teams across industries evolve into DevSecOps teams, higher education should respond in kind to ensure students likely to enter tech careers have the skills necessary to be competitive. In GitLa...

GitLab Security Release: 15.8.1, 15.7.6, and 15.6.7

Today we are releasing versions 15.8.1, 15.7.6, and 15.6.7 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab releases patches for vulnerabilities in dedicated security releases. There are two types of security releases: a monthly, scheduled security release, released a week after the feature release (which deploys on the 22nd of each month), and ad-hoc security releases for critical vulnerabilities. For more information, you can visit our security FAQ. You can see all of our regular and security release blog posts here. In addition, the issues detailing each vulnerability are made public on our issue tracker 30 days after the release in which they were patched. We are dedicated to ensuring all aspects of GitLab that are exposed to customers or that host cust...

Start an open source center of excellence in 10 minutes using GitLab

Now that open source has finally become a mainstream topic of conversation in the software industry, many organizations are increasingly curious about best practices for consuming, using, managing, and contributing to open source software projects. Open source software can seem alien and intimidating for organizations unfamiliar with it, and participating meaningfully and effectively in the open source ecosystem can be challenging. Organizations especially serious about working in open source have formed open source program offices (OSPOs) to spearhead their efforts. These offices are centers of excellence for an organization's ongoing work in open source. They help the organization realize the benefits of working with open source communities to accelerate innovation and build more secure tools. Perhaps your organization is considering establishing an OSPO. If it is, you likely have questions about how to get started – and especially about the best ways to help your organization...

4 approaches to GitLab integrations

The benefit of a DevSecOps platform is to create a foundation upon which an organization can build its entire development process. Rather than having to log onto several different systems to manage, observe, and advance through the software development lifecycle, DevSecOps teams have one application to serve as their system of record. To augment the platform and create even more business value, organizations can create integrations with third-party software and systems, while still maintaining a unified experience for stakeholders, developers, and operators. Let's look at what integrations are possible and the use cases that drive them. What can be integrated with GitLab? As a senior solutions architect for Alliances here at GitLab, I often get asked, "How can I integrate GitLab with X?" My response: That depends on what's being integrated. X could be a cloud provider, point tool, legacy application or web service that might be used in the development cycle. How to...

GitLab’s 2023 predictions: What’s next for DevSecOps?

In 2023, organizations will focus their time and resources on the continued shift left of security, completing the evolution from DevOps to DevSecOps. GitLab Chief Marketing and Strategy Officer Ashley Kramer says that every company will need to have security tightly integrated into DevOps to combat the increased threats throughout the software development lifecycle. In addition, DevSecOps teams will have to continue to focus on supply chain security, make optimal use of artificial intelligence and machine learning, and expand their use of value stream analytics. GitLab leaders from across disciplines share these predictions and more about how the industry will change this year. Prediction 1: Protecting the supply chain will be the top priority. Security will continue to be an organization-wide responsibility, shifting further left and spanning from the IDE to applications running in production, according to David DeSanto, Chief Product Officer. In our 2022 Global DevSecOps survey...

Git security audit: Inside the hunt for - and discovery of - CVEs

Keeping a secure development environment is my daily focus here at GitLab. My team and I are committed to hunting for vulnerabilities and mitigating them before they impact others. I feel equally enthusiastic about helping the development community identify potential risk. So when I had the opportunity to join an open-source security audit of Git, funded by the Open Source Technology Improvement Fund (OSTIF), I jumped at it. Little did I know it would lead to the discovery of CVE-2022-41903. Here's how it all unfolded. How we set up a collaboration environment: The Git security audit was run by X41 D-Sec on behalf of OSTIF. Due to prior experiences in finding vulnerabilities in Git, I was very keen on joining the audit. When Markus at X41 suggested a collaboration to the OSTIF, they were very open to it, so all I had to do was convince my manager to spend some time on this audit. This wasn't a problem at all. The to-be-done work fits nicely into our Security Research Tea...

The GitLab Quarterly: How our latest beta releases support developers

It’s easy to say that 2023 will be the year of innovation, but with the macroeconomic environment requiring an obsessive eye on cost efficiencies, and in some cases, cost-cutting, exactly how are organizations supposed to stay competitive when it comes to software development and delivery? The answer is clear: Stay focused on supporting your developers. Our two new beta releases help you do just that. The GitLab Value Streams Dashboard, now available in private beta, ensures that all stakeholders have visibility, early and in real time, into the progress and value delivery metrics associated with software development and delivery. With everyone on the same page, discussions can be had and adjustments made before developers face obstacles or stall out waiting for decision-makers to get up to speed. Developers can also see, at a glance, their impact on the idea-to-customer value chain. The goal: Reduce idle time so that developers can spend more time developing and IT leaders can better...

GitLab 15.8 released with external status checks and self-managed SCIM

Today, we are excited to announce the release of GitLab 15.8 with block merges unless external status checks pass, SCIM support for self-managed GitLab, view estimated queuing for runners in the admin area, migrate GitLab projects by direct transfer beta, and much more! These are just a few highlights from the 35+ improvements in this release. Read on to check out all of the great updates below. We thank the wider GitLab community for the 85+ contributions they provided to GitLab 15.8! At GitLab, everyone can contribute and we couldn't have done it without you! To preview what's coming in next month’s release, check out our Upcoming Releases page, which includes our 15.9 release kickoff video. MVP: This month's Most Valuable Person (MVP) is Patrick Rice. Patrick is a consistent contributor to GitLab Terraform Provider - contributing 2-3 releases every milestone. He not only contributes code, but also triages and reviews issues in the provider and contributes...