Developers have long been using GitLab as a tool to secure their code. GitLab now gives security professionals more control and empowerment, so they can use it to improve application security and ensure compatibility. With release 11.5, the new group security panel brings together all the information security specialists may need, in a convenient form designed specifically for them. This panel contains new display options: an overview of the security information of various projects, as well as in-depth information about each of them. In 11.5 we start with SAST reports; in future releases we will add new reports to this panel. Our goal is to create a convenient tool, a single security panel that security experts can use instead of switching between a variety of tools.
Just as the security panel of the group provides security professionals with a wide range of options, the control panel for operators provides similar capabilities for DevOps specialists. This panel collects in one place information about all operations on the projects of your instance, including the status of the pipeline and alerts.
GitLab Pages is a convenient way to create static content online, for example, documentation for your project. But what about private projects, where documentation and other files should be available only to project participants? Previously, to use this feature, it was required to open public access to all additional files, or not to use it at all.
Starting with the release of GitLab 11.5, you can apply the same access restrictions to GitLab Pages as to tasks and code. Unauthorized users will receive a page with error code 404 when they try to open such a link. At the moment, access control for GitLab Pages works on self-hosted GitLab instances; support is also planned for GitLab.com.
We are very proud of this feature, as it was contributed by our community. Access control for Pages was requested especially frequently, and as a result, this feature was added by community members themselves.
Serverless application architecture is now much discussed, but often misunderstood. Some believe that serverless computing means "Function as a Service" (FaaS), but this is not entirely true. In short, serverless architecture allows you to focus on writing business logic, without requiring an understanding of the underlying infrastructure on which your software will run. Thus, both applications and functions can be serverless.
Knative is a Kubernetes platform designed to create, deploy, and manage modern serverless projects, and in GitLab 11.5 we added the ability to easily deploy and integrate Knative with GitLab. You can install Knative on a connected Kubernetes cluster with one action. In GitLab 11.5, you can use Knative for your serverless applications; support for serverless functions will be added in 11.6.
Currently, Knative is still in alpha, but there are many good reasons to deploy applications with it, as it comes with powerful features right out of the box. For example, Knative monitors the load on pods and can automatically increase or decrease their number without additional configuration. Knative also has event handling, which makes it easier to manage communications between Producer and Consumer services when deploying microservices.
There are so many cool innovations in this release that we couldn't fit all of them into the intro. Further features such as the parallel attribute for the pipeline, the redesign of the cards on the task board and the initial integration with Jaeger are waiting for you. In this release, we have made significant improvements to the code review process, making it easier and more convenient: for example, we added the ability to comment on unchanged code lines in a merge request, to preview a merge request review before sending it, automatic assignment of code owners as merge request approvers, and direct links to review apps. Read on and you will learn about all the new features that are included in this release.
Tuomo did a great job by implementing access control to GitLab Pages - a popular feature that many have asked to add. Private projects can now restrict access to their content, which allows you to create and store internal pages with private information.
Thank you, Tuomo! This contribution required significant work in gitlab-ce, gitlab-pages and omnibus-gitlab.
(ULTIMATE, GOLD)
Security professionals need to easily obtain information on the current security status of all their projects in order to know which task will be the most important now. This is even more important for security directors who need to review potential critical vulnerabilities affecting the entire development.
In the release of GitLab 11.5, we present the first version of the new security control panel available at the group level. It collects in one place the vulnerabilities identified by SAST for all projects of this group and a list of available actions to fix them. For example, you can create a task with the proposed solution, or simply hide the notification if you think that it is a false positive. Future releases will add support for other tests: Dependency Scanning, Container Scanning, DAST.
Note that the group security panel requires the new reports syntax for reports and GitLab Runner version 11.5 or higher to display the results. Auto DevOps support will be added in the next release.
Documentation of the new security panel and the original ticket.
(ULTIMATE, GOLD)
For companies and teams using DevOps, it is important to be able to quickly access information about the status of projects.
Release 11.5 presents a new panel for operators, containing an overview of all important metrics for projects to which the user has subscribed, such as the time since the last deployment, the last commit and active alerts.
This panel can be configured as a home page for the user, or it can be accessed by clicking on the icon in the top panel.
Documentation on the new panel for operators and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE)
In the release of GitLab 11.5, we present a stunning feature introduced by the community - access control to GitLab Pages. Previously, we supported only those cases in which all content on the project was public, but now using Pages you can create and publish protected content, access to which will be open only to project participants. Operations documents, secret data, plans and other information can now be published confidentially, providing access to it for a limited number of people.
This feature is not yet enabled on GitLab.com; more information is in ticket 5576.
Documentation on managing access to Pages and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD)
Creating serverless applications gives teams the opportunity to focus on creating a quality product, eliminating the need to configure and maintain servers.
Starting with the release of GitLab 11.5, the ability to deploy Knative to your Kubernetes cluster in a single step has been introduced using GitLab integration with Kubernetes. Knative is a Kubernetes platform designed to create, deploy and manage modern serverless projects. Previously complex tasks, such as assembling from source to container, traffic management and scaling to 0 (scaling-to-zero) with no load, now work right out of the box.
Documentation on working with serverless architecture in GitLab and the original ticket.
(STARTER, PREMIUM, ULTIMATE, BRONZE, SILVER, GOLD)
It is not always obvious who should review a merge request. Code owners, who are designated as responsible for specific files, are now automatically assigned as merge request approvers.
With the automatic assignment of approvers, the code owners will be notified of the changes, so that they can review them and approve the changes or hold them back.
Support for code owners appeared in the release of GitLab 11.3 (original article, translation). In future releases, code owners will play a larger part in merge request workflows, with required approval by the owner.
Documentation on merge request approvals and the original ticket.
parallel attribute to speed up work with the pipeline
(CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD)
The speed of the pipeline is an important factor for any team, and running tests or other tasks that can be parallelized usually takes up much of the time of any build. The new keyword, the parallel attribute, allows teams to easily parallelize tests, speeding up the software delivery process. To use this feature, set the attribute to the number of parallel runs you want for this task, and GitLab will create the required number of jobs for your task on its own.
Documentation of the parallel attribute and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD)
One of the key objectives of code review is to draw attention to aspects of the proposed changes that may not yet have been considered. Often these are indications of unintended consequences that may arise in unmodified code.
GitLab now supports commenting on both modified and unmodified lines of code in a merge request, so you can draw the author’s attention to changes that need to be made. To display unchanged lines of code when reviewing changes in a merge request, click the ellipsis ( ... ) button.
In future releases, we will expand support for commenting on unchanged files.
Documentation for discussions in merge requests and the original ticket.
(PREMIUM, ULTIMATE, SILVER, GOLD)
The LICENSE, .gitignore, Dockerfile, and .gitlab-ci.yml file templates make it easy to add these commonly used files to projects. Custom file templates can now be shared among all projects in a group and its subgroups if you configure a group template repository.
Custom templates are useful in cases where the GitLab templates are not suitable: for example, when you need your own license, which is used in all projects of the company, or a complex Dockerfile, which should be used in each microservice.
Template file support for user instances was introduced in the release of GitLab 11.3 (original article, translation).
Documentation on the template files for the group and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD)
When you work in a separate branch and change only a few files, you do not need a link to the review applications to take you to the root of the project. For convenience, we added a drop-down menu to the link to the review applications, which now allows you to navigate directly to the pages of the files you worked with.
Documentation on the direct transition from source files to their pages in the environment and the original ticket.
(PREMIUM, ULTIMATE, SILVER, GOLD)
In this release, we have presented a dynamic diagram showing the number of tasks created in your group per month or over the past year. We also added a filter that allows you to narrow the search to a specific set of tasks.
This feature will help teams conduct a deeper analysis of tasks. For example, you can quickly see how many tasks for the bugs were created if you select the appropriate “bug” mark.
Here you can see how we plan to expand the possibilities of diagrams. We ask you to participate in the discussion!
Documentation on task analytics and the original ticket.
(PREMIUM, ULTIMATE, SILVER, GOLD)
Code review is a must-have practice in any successful project; however, it is sometimes difficult to provide clear and actionable feedback. One of the problems is that comments on the code become irrelevant or incomplete as the reviewer works through the diff and understands what changes have been made.
In GitLab 11.4, we presented a feature for reviews of merge requests, which allows you to write and send several feedback items in one action. Starting with this release, you can preview your merge request reviews before sending them.
In the next versions we will improve this feature by adding email notifications, one for each review of a merge request.
Documentation for previewing merge request reviews and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD)
When working together on a project, it is important to know who exactly is making changes to the code, and to be able to view the author’s profile through the GitLab interface, whether the commit was made locally or on a remote host; however, this puts your email on public display.
GitLab now provides a noreply address that can be used locally or for web commits, to make it easier for you to keep your email secret.
Documentation of private email and the original ticket.
(ULTIMATE, GOLD)
Prior to GitLab 11.5, reports such as SAST or DAST relied on a combination of job names and artifacts so that the system could recognize their type. Due to the increased performance requirements for accessing artifacts, this approach was difficult to scale and made it hard to support more advanced features like the Group Security Dashboard. With the old syntax, you always had to give the job a specific name (for example, sast), but now you can specify any name you like for each job.
GitLab 11.5 introduces the new reports syntax for reports. Documentation for creating jobs with the new syntax is available at the following links: SAST, DAST, Dependency Detection, Container Scanning, License Management, Code Quality Assessment, and Browser Performance Testing. The old syntax is now deprecated, and in a future release we may get rid of it. We’ll be happy if you update your jobs to take advantage of the improved performance and the group security panel, even though the old syntax still works. To use the new syntax, GitLab Runner 11.5 or higher is required.
Documentation on reports and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD)
GitLab has long supported opening merge requests via email, but previously the branch had to exist on the server before the email was sent. Now you can open a merge request with a single email by attaching one or more patch files (.patch) to the message.
Patch files are a standard for sharing and transferring changes between systems. In future releases of GitLab, based on them, we will create distributed Merge Requests, which will allow us to share Merge Requests between GitLab instances and other tools for Git hosting.
Documentation on opening merge requests via email and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD)
We have improved the wiki project creation process by removing the default project viewing page. Now the default home page is empty, which inspires users to add their own pages to the corresponding wiki and further development of projects.
Wiki project documentation and the original ticket.
(ULTIMATE, GOLD)
Tracing provides an in-depth analysis of the performance and integrity of the application being deployed, since it can be used to track every function and microservice that processes a given request. This gives a clearer picture of how the request is processed from beginning to end, regardless of whether you are using a monolithic or distributed system.
In GitLab 11.5, we included an initial integration with Jaeger, the CNCF tracing project, which allows users to easily open the Jaeger user interface from GitLab.
Tracing documentation and the original ticket.
(PREMIUM, ULTIMATE, SILVER, GOLD)
It is now possible to set status checks for tasks on the GitHub side simply by ticking “required”, without having to set up checks for each task individually based on their name. Previously, the names of the checks included the name of the branch, so the check could not be set up this simply. This feature can be enabled in the settings section of the integration with GitHub.
Documentation on the name of the status check and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE)
GitLab includes a range of Go-based applications. Prior to version 11.5, these applications used the standard system directory for trusted certificates instead of the Omnibus GitLab directory.
Starting from this release, Go applications use the same directory for trusted certificates as the rest of GitLab. The default is /opt/gitlab/embedded/ssl/certs/. Using a shared directory makes managing certificates easier and allows you to work with them directly.
If your GitLab installation depends on Go applications using the system directory, move these certificates to the standard Omnibus GitLab directory.
Documentation for installing certificates and the original ticket.
(ULTIMATE, GOLD)
Recently, we added the ability to close epics, that is, to set different states for epics: open and closed. In this release, we also added notifications about epics being closed or reopened, to make it easier for users to track changes in projects that interest them.
Notification documentation and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE)
To simplify the analysis of audit events and their use outside of GitLab, we added the audit_json.log file, which records audit events in a structured log file. With this addition, shipping and parsing logs will be much easier, especially for visualization and analysis using other tools.
Documentation of audit events and the original ticket.
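A structured audit log lends itself to simple detection rules. As an added example (not GitLab's own code), the following parses audit_json.log lines and reports visibility changes that widen access; the field names (change, from, to, author_name, target_details), the visibility level names and the sample lines are assumptions constructed for illustration, so check them against your own log.

```python
import json

# Constructed sample in the assumed shape of audit_json.log: one JSON object
# per line. The last line is cut short, as can happen at rotation or copy time.
SAMPLE_LOG = """\
{"severity":"INFO","time":"2018-11-22T09:14:03.120Z","author_id":7,"author_name":"Alice Example","entity_id":12,"entity_type":"Project","change":"visibility","from":"Private","to":"Public","target_id":12,"target_type":"Project","target_details":"ops/runbooks"}
{"severity":"INFO","time":"2018-11-22T09:20:41.553Z","author_id":7,"author_name":"Alice Example","entity_id":12,"entity_type":"Project","change":"visibility","from":"Public","to":"Internal","target_id":12,"target_type":"Project","target_details":"ops/runbooks"}
{"severity":"INFO","time":"2018-11-22T10:02:17.008Z","author_id":3,"author_name":"Bob Example","entity_id":4,"entity_type":"Group","change":"visibility","from":"Internal","to":"Public","target_id":4,"target_type":"Group","target_details":"platform"}
{"severity":"INFO","time":"2018-11-22T10:05:
"""

# Assumed visibility names, ordered from most to least restrictive.
RANK = {"private": 0, "internal": 1, "public": 2}


def parse_events(text):
    """Return (events, rejected_line_numbers) for newline-delimited JSON."""
    events, rejected = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            rejected.append(number)  # keep the line number for follow-up
            continue
        if isinstance(event, dict):
            events.append(event)
        else:
            rejected.append(number)
    return events, rejected


def visibility_widened(events):
    """Return one finding per event that moved a project or group to a less
    restrictive visibility level."""
    findings = []
    for event in events:
        if event.get("change") != "visibility":
            continue
        new = RANK.get(str(event.get("to", "")).lower())
        if new is None:
            continue  # unknown target level: cannot be classified here
        # A missing or unknown previous level is treated as the most
        # restrictive one, so the change is reported rather than ignored.
        old = RANK.get(str(event.get("from", "")).lower(), 0)
        if new > old:
            findings.append({
                "time": event.get("time"),
                "who": event.get("author_name"),
                "target": event.get("target_details"),
                "old": event.get("from"),
                "new": event.get("to"),
            })
    return findings


if __name__ == "__main__":
    events, rejected = parse_events(SAMPLE_LOG)
    for finding in visibility_widened(events):
        print("{time} {who} widened {target}: {old} -> {new}".format(**finding))
    print("unparseable lines:", rejected)
```

Lines that fail to parse are returned by line number rather than dropped silently, so a truncated or tampered entry is visible to whoever reviews the output.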
(ULTIMATE, GOLD)
Now it’s even easier to search for epics and link to them when working on a task or a merge request. Just enter & and a few numbers or characters in the description of the task or merge request, or in a comment. Using GitLab's autocomplete feature, epics will be searched directly in the parent group, which allows you to select one of them without leaving the current page.
Documentation on GitLab special links and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD)
When viewing merge requests, you almost always have to move back and forth between files. Now, in addition to the file tree added in GitLab 11.4 (original article, translation), GitLab includes a searchable list of changed files, which makes it easier to see which files have been changed and to switch between them through a list or a tree, whichever you prefer.
Documentation for navigating the modified files and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD)
Currently, information about the environment is hidden when a new pipeline starts. In this release, we add information about deployments to the widget to let you know that an update is currently taking place.
One of the most interesting results of this feature is that the link to the current deployment remains available when a new deployment is already running, which allows you to find a link to the application page for the review. Previously, it was quite difficult to choose the right moment when several deployments occurred simultaneously.
Documentation on the status of the pipeline in merge requests and the original ticket.
(CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD)
Jira Cloud is going to get rid of usernames during authentication.
Release notes: GitLab 11.5 released with Group Security and Operations Dashboards, and Access Control for Pages.
Source: https://habr.com/ru/post/432264/