GitLab 13.12 Released with DAST On Demand and Deployment Frequency Graph








This month, we're excited to introduce pipeline management and usability improvements to make you more productive, as well as security updates and analytics to help you implement DevOps at a much higher level. And these are just the highlights of the 44 improvements in this release!







Manage security before it starts to rule you



To help keep your production environments safe, we are making On-Demand DAST scans generally available to all Ultimate plan users. Launching scans manually lets you check already deployed applications or APIs in any of your configured environments outside the CI/CD pipeline (“assembly line” in the Russian localization of GitLab), that is, without code changes and without merge requests (“requests to merge” in the Russian localization of GitLab).







SAST Semgrep JavaScript, TypeScript Python . Semgrep , GitLab SAST. , GitLab Semgrep. @proletarius101 .ipa



(iOS) .apk



(Android), Xcode Android-.







GitLab, . , , GitLab.







— GitLab , . - JavaScript , DAST, , -. GitLab Ultimate - . .









— CI/CD, , GitLab. , CI/CD .







CI/CD, , include:



, .gitlab-ci.yml



. , . , ; , .







DevOps



, . , DORA4. . , , .







(Value Stream Analytics) , , . 13.12 , . « » (Days to Completion) , .







@leetickett , -. , .







- . - , GitLab.







!



GitLab. 13.12:









, ! , , 14.0.







REMOTE GitLab, .







GitLab MVP badge







MVP Lee Tickett



Lee : . , , , . .







Lee - GraphQL API: - - GraphQL.







, Lee!







GitLab 13.12



DAST-



(SaaS: ULTIMATE; self-managed: ULTIMATE) DevOps: Secure







, DAST (Dynamic Application Security Testing, ) ! , API . 13.11 DAST- , URL-, - API. , 13.9, , , 13.10! , GitLab.







, , , DAST- . , . , , , — .







On-demand DAST GA launch







DAST- .







GitLab CI/CD



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify







CI/CD- GitLab , CI/CD. , GitLab, . , .







Useful GitLab CI/CD information in the pipeline editor







.







YAML



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify







includes:



CI/CD .gitlab-ci.yml



, . . , . *



includes:



. includes:



, . , GitLab.







Support wildcards when including YAML CI/CD configuration files







includes









(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify







CI/CD-, . .







needs



, , . , , .







13.12 , - needs:



. , , . needs:



.









.









(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify







GitLab end-to-end , Selenium, . , , , . , - , , .







- . , , .







Failed test screenshots in test report







.







-



(SaaS: ULTIMATE; self-managed: ULTIMATE) DevOps: Verify







, . -, - IDE. .







- , . GitLab, — .







Code quality violation notices in MR diffs







.







CI/CD



(SaaS: ULTIMATE; self-managed: ULTIMATE) DevOps: Release







DORA4 GitLab . , , , . , , .







Group-level deployment frequency CI/CD chart







.







GitLab 13.12





(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Manage







, . , , , . , , .







. , . — .







Added total group and project count to admin users table







.









(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Manage







(Value Stream Analytics) . , production. , - .







, , . .







Improvements to the deployment metrics in Value Stream Analytics







.









(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Manage







20 . .







, , . , , Code, .







View and sort stage items in a value stream







.









(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Manage







, , , . , , .







View the number of workflow items in a value stream stage







.









(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify







, . , , .







Pipeline status widget in the pipeline editor







.









(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Package







GitLab . .







, , . GitLab 13.12 , .







GitLab API > (Settings > Packages & Registries) GitLab. . !







.









(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Secure







GitLab . , , GitLab , CI. - , , , SAST.gitlab-ci.yml



template
GitLab. .gitlab-ci.yml



, , GitLab CI, , GitLab CI.







Configuration tool for Secret Detection







.









(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Secure







GitLab 13.5 (SAST) Android iOS. SAST Xcode Android. @proletarius101 GitLab SAST .ipa (iOS) .apk (Android), . GitLab SAST. , , CI . , , .







SAST .







Semgrep — SAST JavaScript, TypeScript Python



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Secure







GitLab 13.11 Semgrep — SAST JavaScript, TypeScript Python. https://habr.com/ru/post/557168/#gitlab--semgrep-obnovlyaem-sast-i-zakladyvaem-osnovu-na-buduschee r2c, , Semgrep — . -, , Semgrep.







13.12 CI SAST.gitlab-ci.yml



JavaScript TypeScript — ESlint. ESLint, Semgrep. , . SAST.gitlab-ci.yml



, , Semgrep, , CI SAST, CI.







GitLab, r2c , . Semgrep , . , .







SAST .









(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Release







— , . .







Deleting deploy keys will inform the user if in use







.







GitLab Pages



(self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Release







GitLab Pages ZIP- 14.0, 13.11. . , . GitLab 13.12 . . , .







ZIP- .







release:





(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Release







GitLab 13.2 release:



release-cli. release:



, .gitlab-ci.yml



.







release: keyword supports asset links







.







GitLab



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Configure







, GitLab GitLab 13.9 GitLab 14.0, 22 . , , .







GitLab .









(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Monitor







. , GitLab, . , .







Warn administrator when removing an on-call user







.







Geo PostgreSQL (-)



(self-managed: PREMIUM, ULTIMATE)







Patroni — PostgreSQL, PostgreSQL Geo. , , . , .







Geo - PostgreSQL Patroni. Patroni, , .







Patroni .







Geo Terraform



(self-managed: PREMIUM, ULTIMATE)







Geo Terraform. , . Geo , .







Geo, .







(FLoC)



(self-managed: FREE, PREMIUM, ULTIMATE)







(FLoC) — -, cookie . . FLoC Chrome .







GitLab 13.12 FLoC GitLab. FLoC, .







FLoC .









(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Manage







. , , . . , .







Enforce delayed project removal for all subgroups







.









(self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Manage







, . , .







, , , , - . , , , - GitLab.







Users' group counts now displayed in Admin Area







.









(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Manage







« » , , . , , .







, .







View average time to complete workflow items







« » .







-



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Plan







, -, "/spend", , . -. , , (Time tracking report) , , -. @leetickett !







Time tracking reports for issues and merge requests







.









(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify







GitLab , - . , .







, , .







, , , .gitlab-ci.yml



.







.







'workflow:rules' CI/CD



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify







rules



, . 13.8, variables



rules



, . workflow: rules



, , . .







Support variables in CI/CD pipeline 'workflow:rules'







CI/CD .







API



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Package







GitLab . , Maven npm. CI, . , , .







GitLab 13.12 GitLab . . .







GitLab 13.12 API , , . CI . , .







.









(SaaS: ULTIMATE; self-managed: ULTIMATE) DevOps: Secure







GitLab , . Secure, . API . GitLab . (SAST, DAST), .







. (, SAST), GitLab, . .







Filter Project Vulnerability Report by vendor name







.







DAST (-)



(SaaS: ULTIMATE; self-managed: ULTIMATE) DevOps: Secure







, 13.12 - . -, DAST, . JavaScript , . - JavaScript, , JavaScript. .







. , , . DAST .







. 327394 @derekferguson



. DAST .







DAST .







SAST



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Secure







SAST ( ) GitLab , GitLab . , 13.12. , .







  • MobSF 3.4.3: -, .
  • nodejs-scan 0.2.6: -, .
  • GitLeaks 7.5.0: -, .
  • pmd-apex 6.34.0: -, .
  • Spotbugs 4.2.3: -, .


GitLab SAST (SAST.gitlab-ci.yml), , . , CI, CI.







SAST .









(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Release







13.12 API , , , — . REST API. Devin Christensen !







API .







CI- Pages: Gatsby



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Release







Gatsby « ». . , . Takuya Noguchi , GitLab, Gatsby, .







CI- Pages .







Elastic Stack



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Configure







, Gitlab, Elastic Stack , GitLab. , Elastic Stack , GitLab.







Elastic Stack GitLab. , , GitLab.







Elastic Stack .







API



(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Monitor







. GitLab API. GitLab 13.12 issue_type



REST API GitLab type



GraphQL API GitLab. API , issue_type



incident



(REST API) type



INCIDENT



(GraphQL API).







.







Geo LFS



(self-managed: PREMIUM, ULTIMATE)







Geo LFS, Geo LFS. 200 . LFS ( ). Geo, , Geo.







Geo .







Geo



(self-managed: PREMIUM, ULTIMATE)







Geo PostgreSQL . Geo . Geo PostgreSQL Geo. , , , PostgreSQL, .







PostgreSQL .







Elasticsearch



(self-managed: PREMIUM, ULTIMATE)







Elasticsearch GitLab Elasticsearch, URL- http(s)://<username>:<password>@<elastic_host>:<elastic_port>/



. GitLab. , , , , GitLab .







In this release, we provide separate input fields for the Elasticsearch username and password, and the password is hidden to prevent users from seeing its characters as plain text.







Obfuscate Elasticsearch password in Admin UI







Elasticsearch configuration documentation and original ticket.










You can find the full release text and update/installation instructions in the original English post: GitLab 13.12 released with On-Demand DAST and Deployment Frequency Chart.







We worked on the translation from English: cattidourden, maryartkey, ainoneko and rishavant...







