Posts

Showing posts from February, 2023

Secure GitLab CI/CD workflows using OIDC JWT on a DevSecOps platform

Securing CI/CD workflows can be challenging. This blog post walks you through the problem validation, explores the JWT token technology and how it can be used with OIDC authentication, and discusses implementation challenges with authorization realms. You will learn about the current possibilities and future plans with GitLab 16.0.

Variables vs. secrets

Variables are an efficient way to control and inject parameters into your jobs and pipelines, making managing and configuring the CI/CD workflows easier. You can read more about how to use CI/CD variables. An extra layer of security on top of variables, masking and protecting them, is for now our “best-effort” way to prevent sensitive variables from being accidentally revealed. However, variables are not a drop-in replacement for secrets. Securing secrets natively is a solution that GitLab aspires to provide. Meanwhile, we recommend storing sensitive information in a dedicated secrets management solution. As a company, we will provide you abili...

GitLab Patch Release: 15.9.1

Today we are releasing version 15.9.1 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in this month's 15.9 release and prior versions.

GitLab Community Edition and Enterprise Edition

Resolve "Deprecate legacy praefect config structure in Omnibus"
Fix dependency check in license approval policies
Fix LDAP config sync_name problem
Document rate limit for Direct transfer
Misaligned ref-selector dropdown button on search page status bar
Fix Broadcast messages not showing in admin console
Bump omniauth_openid_connect to v0.6.1

Important notes on upgrading

This version does not include any new migrations, and for multi-node deployments, should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is ...

How to strengthen security by applying DevSecOps principles

By following the DevSecOps principles, companies can ensure their applications are safe from malicious actors while delivering value quickly and efficiently. In this article, we'll take an in-depth look at DevSecOps principles and how they can help organizations stay ahead of the curve in terms of security. Let’s dive in.

What is DevSecOps?

DevSecOps is an approach to software development that combines the three principles of development, security, and operations. It enables teams to create a secure and reliable product while delivering value quickly and efficiently. The successful execution of DevSecOps involves continuous integration, automation, and testing with the goal of accelerating time-to-market without sacrificing quality or security.

DevSecOps principles: An overview

DevSecOps principles enable a development team to build secure and dependable applications at speed through the execution of ingrained security testing. By executing a DevSecOps approach, teams integra...

Machine learning and DevSecOps: Inside the OctoML/GitLab integration

Machine learning can be a powerful tool in software development, but not if it has to live apart from existing engineering workflows. DevSecOps teams, including MLOps, can now integrate the OctoML CLI into GitLab’s CI/CD pipelines to unify workflows and leverage existing deployment and monitoring infrastructure. This integration makes it easier to catch bugs and model performance degradations early in the ML development cycle. The OctoML Platform is a machine learning model optimization and deployment service powered by octoml.ai. Machine learning has grown in popularity in DevSecOps, along with AI, because of its ability to learn and model how to perform complex tasks as a human would and then automate those tasks.

How does CI/CD apply to machine learning?

Once a machine learning model has been successfully deployed, it can get stale over time and its accuracy could degrade, a situation called “data drift”. Data drift causes newer inferencing data to drift away from the data us...

GitLab 15.9 released with new guest roles for viewing private repositories and license approval policies

Today, we are excited to announce the release of GitLab 15.9 with guest roles viewing private repositories, license approval policies and license compliance scanner, notifications in the GitLab for Slack app, code suggestions in closed beta and much more! These are just a few highlights from the 105+ improvements in this release. Read on to check out all of the great updates below. We thank the wider GitLab community for the 410+ contributions they provided to GitLab 15.9! At GitLab, everyone can contribute and we couldn't have done it without you! To preview what's coming in next month’s release, check out our Upcoming Releases page, which includes our 15.10 release kickoff video.

MVP

This month's Most Valuable Person (MVP) is Kyle Edwards. Kyle Edwards contributed the ability to set custom text in a user deactivation email. This feature allows customers to specify why a user account was deactivated, and what steps to take for reactivating it. Kyle was pr...