Petes Linkedin Blog

Our GitLab SaaS vision is to provide a solution where you can easily choose and use the correct type of public cloud-hosted compute resources for your CI/CD jobs. In this first iteration towards achieving that vision, we are pleased to announce that two larger compute machines are generally available for GitLab SaaS Runners on Linux. With these two machine types, you can now access more choices for your GitLab SaaS CI/CD jobs. And with 100% job isolation on an ephemeral virtual machine, and security and autoscaling fully managed by GitLab, you can confidently run your critical CI/CD jobs on GitLab SaaS. New machine type details The new SaaS Runners on Linux are a 2 vCPU, 8GB RAM ( saas-linux-medium-amd64 ), and a 4 vCPU, 16GB RAM ( saas-linux-large-amd64 ) machine type. These machine types, powered by the latest generation of Google Compute N2D virtual machines, deliver significant performance improvements for general-purpose CI workloads. The medium machine type is available to a...

All eyes are on software supply chain security and organizations are busily generating software bills of materials, or SBoMs. But many are leaving out an equally critical part of software supply chain security: their infrastructure. GitLab has partnered with Firefly to help DevOps teams create bills of materials across the entire cloud footprint. The SBoM, which is an ingredient list that identifies third-party and open source code used within software (a.k.a. dependencies), came into the spotlight with the U.S. Executive Order on "Improving the Nation's Cybersecurity" and its resulting NIST guidelines to secure the software supply chain . While SBoMs begin to peel back the layers on risky code using elements such as composition analysis to scan for dependencies in containers, more attention must be paid to how cloud infrastructure, a critical part of the software development lifecycle, is managed and secured. Assessing cloud infrastructure When people think about so...

Several months ago, we shared that GitLab started officially supporting Amazon Linux 2 as well as providing packages for GitLab and GitLab Runner for x86 and Graviton ARM architectures. GitLab’s hard working Enablement Engineering team has taken this commitment to the next level by acquiring Amazon’s Service Ready Partner designation for Amazon Linux 2. The AWS Service Ready program requires that GitLab provide specific evidence in regard to support, compatibility testing and security testing in order to deploy GitLab on Amazon Linux 2 with confidence. Amazon Linux 2 support in GitLab 15.0 Amazon Linux 2 is supported in GitLab 15.0 and later. An earlier blog discusses a variety of important points and provides some code in order to plan a smooth transition. The Service Ready Designation has been received for version 15.3, but there were no changes made to the process from 15.0 to support the designation. GitLab Runner has had ARM64 binaries since 12.6.0 and now has Amazon Linux ...

A great way to jumpstart a DevOps practice is by adopting a microservices architecture . The benefits of a microservices architecture are numerous and include improved scalability, enhanced fault isolation, and the ability to bring new features to market faster. How to start building with microservices architecture Identify decomposable aspects of the application One of the main properties of a microservice is its independence, so identifying the decomposable parts of the application — those parts that can work autonomously — is essential. Getting the service boundaries wrong could result in unwanted changes to other services, so you need to understand the system’s domain. In many cases, such breakdown aligns with the business domains and is reflected in development teams. Determine the metrics to monitor With a microservices application, it’s crucial to monitor the status of each service so it’s possible to react to changing demands in the production environment. Some common met...

Mobile teams face some unique challenges when it comes to establishing DevOps practices. Build tools are different, release and approval cycles with app stores can be slower and introduce more risk, and some applications require specialized runners. At GitLab, we are focused on finding solutions to these challenges to make it easier for everyone to contribute ! Starting with mobile code signing. This post is the first in a series on mobile DevOps and it shows how GitLab makes code signing easier using a new feature called Project-level Secure Files. A brief introduction to mobile code signing Android and iOS projects require special configuration files for secure application code signing to ensure an application on a user's device hasn't been tampered with. These configuration files can be challenging to manage in a CI environment . Keystores, signing certificates, and provisioning profiles shouldn't be stored in version control because they contain sensitive information...

In 2020, respondents to our annual Global DevSecOps Survey started mentioning artificial intelligence and machine learning for the first time. In that survey, roughly 16% of respondents were using “bots” to test code, or were planning to, while 12% of devs said knowledge of AI/ML would be critical to their future. Fast forward just two years and AI in DevOps is a reality in teams around the world, according to our 2022 Global DevSecOps Survey . 24% of respondents said their DevOps practices include AI/ML, more than double the 2021 percentage. 31% of teams are using AI/ML for code review, 16 points higher than last year. Today 37% of teams use AI/ML in software testing (up from 25% in 2021), and 20% plan to introduce it this year. Another 19% plan to roll out AI/ML-powered testing in the next two to three years. Fully 62% of survey takers are practicing ModelOps. 51% use AI/ML to check (not test) code. All told, only 5% of teams said they had no plans to incorporate ...

Git is free and open source version control and has become the industry standard for keeping track of changes in software. A recent survey by JetBrains states that 93% of developers surveyed use Git for source control. Even though it’s used by almost every software developer, it’s still not ubiquitously taught as part of coding courses. Many people end up learning Git either on the job or on their own. We’ve gathered a list of sites to learn Git, whether you’re brand-new to it or you need to fine-tune your skills. These five resources are largely focused on visual learning and use either video-based tools or an interactive website or game. 1. Oh My Git Oh My Git is a gamified way of learning Git commands that includes a visualization of what effect your actions have on the repository. It’s card-based for early beginners. Think of it like Hearthstone or Magic the Gathering, but better for learning. It can also be played by using the command line as well. Start playing today! 2. Gi...