Posts

GitLab and Oracle partner for a cloud native approach to modern application development

Modern application development requires a cloud native platform that can operate in and across multiple cloud providers. GitLab has partnered with Oracle to enable customers to run GitLab’s DevOps platform on Oracle Cloud Infrastructure (OCI). With OCI, organizations can accelerate migrations of existing enterprise workloads, deliver better reliability and performance for all applications, and offer the complete services customers need to build innovative cloud applications. With GitLab’s DevOps platform and OCI, businesses can create a resilient, high-performance DevOps environment. OCI also supports automatic operating system patching and zero trust architecture, which aligns with GitLab’s focus on application security. The benefits of pairing GitLab and OCI: Pairing GitLab’s DevOps platform and OCI provides many benefits, including the following: performance, platform breadth, security, value, hybrid and multi-cloud environments, and GovCloud regions. Performance: OCI provides a h...

GitLab Patch Release: 15.4.3

Today we are releasing version 15.4.3 for GitLab Community Edition and Enterprise Edition. This version resolves a number of regressions and bugs in this month's 15.4 release and prior versions. GitLab Community Edition and Enterprise Edition: Restore caching for License.current logic; Fix closing of external issues; Gitaly: add config.toml back, as mock template; Fix REST/GraphQL APIs handling TODOs WorkItem target; Sign in: use custom logo again; Sign in: use custom logo again; Gitaly: add config.toml back, as mock template. Important notes on upgrading: This version does not include any new migrations and, for multi-node deployments, should not require any downtime. Please be aware that by default the Omnibus packages will stop, run migrations, and start again, no matter how “big” or “small” the upgrade is. This behavior can be changed by adding a /etc/gitlab/skip-auto-reconfigure file, which is only used for updates. Updating: To update, check out our update page. G...

Introducing browser-based DAST and integrated passive checks

The DAST and Vulnerability Research teams at GitLab are excited to announce we have fully integrated passive checks into our new browser-based DAST analyzer. Passive checks work by monitoring the network traffic to target applications while the web site is automatically crawled. This allows us to identify weaknesses that may exist without sending potentially disruptive network requests. This continues our effort to fully switch over to our browser-based analyzer for DAST in the coming months. If you are interested in using our new DAST analyzer, please see our documentation on how to configure a browser-based DAST scan. History of DAST at GitLab: DAST was officially launched as a part of the GitLab 10.4 release in January 2018. By utilizing the powerful OWASP Zed Attack Proxy, we were able to give our customers the ability to dynamically scan their web applications. From that initial minimal viable product, we have grown to the point where we are now running over a million scans ...

How modern DevOps practices are changing the operations role

Remember NoOps, the idea that automation would eliminate the operations role completely? Fast forward a few years and the idea of NoOps today seems almost laughable. In today’s modern DevOps teams it’s safe to say it’s really “AlltheOps,” at least based on the results of our 2022 Global DevSecOps Survey. An expanding role: No DevOps job is static, but ops pros are experiencing truly dramatic changes to their work lives. In fact, ops pros reported seven areas of responsibility now added to their plates thanks to modern DevOps practices: managing the cloud, managing the hardware/infrastructure, maintaining the toolchain, DevOps coaching, responsibility for automation, overseeing all compliance and audits, and platform engineering. Managing the cloud and hardware/infrastructure were the two tasks most frequently named, and they were split nearly evenly down the middle, with roughly 50% of ops pros focusing on one or the other task primarily. Another area – maintaining the toolchain – ...

How to start a great OSS project

If you spend any time coding, you've probably considered starting an OSS project at some point. Of course, the natural temptation is to immediately sit down and start writing code. That's a great approach that many projects have started from, but what about when it's time to let others contribute? An OSS project is as much about community as it is code, and the key to building a good project is providing an inviting, productive place for that community to work and create. How can new contributors be onboarded smoothly? What kind of maintenance and automation will allow the project to scale beyond the scope of its original creator's time and resources? This article hopes to answer a few of these questions and provide first-time project maintainers with a solid foundation for launching a great OSS project. Create a great README.md: A README file is the "entry point" to an OSS project. Most distributed version control software hosting platforms like GitLab make...

How to leverage GitLab incident timelines

When you're working on an incident, every second counts. Team members and leadership are looking for updates. Any interruption can make you lose track of where you were. Finding the root cause or working on a code change to resolve the incident requires time and focus. After the incident is resolved, you'll need to provide a summary of what happened during the post-incident review. How can you provide updates and keep track of important events while working on the incident? GitLab recently launched incident timelines. Incident timelines are the single source of truth (SSoT) for key updates and events that happen during an incident. They typically include things like when the incident was declared, who is actively working on the incident, and other important events during the incident, for example "Disabling Canary to test a hot fix." Updating the timeline needs to be done quickly and efficiently. Use GitLab quick actions to add multiple timeline items programmatically. ...

Meet the demand for SBoMs and supply chain security with GitLab and Rezilion

Modern software development often takes advantage of code reuse. Instead of reinventing the wheel, developers can use a library that focuses on a particular function for use in an application. However, there is one caveat: These dependencies may be susceptible to security vulnerabilities, which may render your whole application – and possibly your software supply chain – vulnerable. That is why DevOps teams must be able to generate a software bill of materials, or SBoM. GitLab has partnered with Rezilion to make this task easier. The need for SBoMs: In 2020, the SolarWinds software supply chain attack happened. Hackers used an easy-to-guess password to inject malicious code into a software update, and many users of the affected SolarWinds product Orion, including government agencies, had their data compromised. This breach, along with other high-profile attacks, led Pres. Biden's administration to require software vendors to deliver a software bill of materials (SBoM) wi...