
GitLab 11.8 released with JavaScript support in SAST, subgroups in Pages and error tracking


* author of the illustration: carmen_dorin


JavaScript support in SAST


GitLab's Static Application Security Testing (SAST) feature scans source code and helps detect potential security threats in the early stages of the pipeline. In version 11.8, we added JavaScript support to SAST in addition to the existing Node.js support. It is now possible to scan any JavaScript files, such as static scripts and HTML. The core DevSecOps practice is to scan code changes at every commit, and with this change we cover one of the most popular web languages, helping you identify risky spots in JavaScript code as early as possible.


GitLab Pages for subgroups and templates


In this release, we have significantly improved GitLab Pages, with two key improvements among the changes. First, we implemented GitLab Pages support for projects in subgroups, making it possible to publish the contents of these projects on the web. GitLab 11.8 also integrates our most popular Pages templates, so users can get started in one click.


Error tracking with Sentry


Application errors provide important information about the status of the application and can help detect problems before they are reported by users. GitLab 11.8 displays the latest errors directly in the project: it is now much faster and easier to detect them and take appropriate measures.


And many other great features!


The release contains a number of useful features, and we would like to highlight some of them:



This month's MVP (Most Valuable Person) is Aaron Walker.


In this release, the contributor walkafwalka added 2 new Auto DevOps features: support for custom domains and redeployment when only secrets change. Thanks for the improvements!


Key features added to GitLab 11.8 release


JavaScript support in SAST


Available in: ULTIMATE, GOLD


The Static Application Security Testing (SAST) feature detects vulnerabilities in the source code every time you push a change to the repository. With this information shown in the merge request, you can shift security left and fix problems before they are merged into the stable branch.


In version 11.8, we added JavaScript to the list of languages supported by SAST. You don't need to change anything in your pipelines. JavaScript projects are automatically recognized and analyzed for security threats. This is also part of Auto DevOps.





Error tracking with Sentry


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Tracking errors that occur in an application allows you to detect problems before they are reported by users.


GitLab 11.8 makes error monitoring more convenient and efficient by integrating with Sentry, the popular open source error tracker, and displaying the latest errors directly in the GitLab project.


Sentry recently expanded its GitLab integration, allowing you to detect suspicious commits, track releases and commits, and more. With the two integrations combined, moving from Sentry to GitLab and back is easy, so problems are solved in context, within your existing workflow.





One-Click Website Creation with Integrated Templates


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


We now integrate our most popular Pages templates directly into GitLab, allowing you to create websites straight from the new project screen without forking the sample repository, as before.


For more information, see our article on using GitLab Pages templates.





Subgroup support in Pages


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Pages now works with subgroups in GitLab, so projects in subgroups can also create Pages sites. Sites created this way have URLs in the format toplevel-group.gitlab.io/subgroup/project. This gives projects, even those that are part of subgroups, the ability to publish documentation or other sites needed as part of the software release process.





Merge request approval rules


Available in: PREMIUM, ULTIMATE, SILVER, GOLD


Code review is an essential element of any successful project, but it is not always clear who should review the changes. As a rule, the participation of reviewers from different teams is desirable: development teams, user interaction teams, production teams.


The approval rules added in GitLab 11.8 improve coordination between the people involved in code review by letting you define the set of eligible approvers and the minimum number of approvals. Approval rules are displayed in the merge request widget, so you can quickly assign the next reviewer.


In GitLab 11.3, we introduced the Code Owners option to designate the team members responsible for specific parts of the project code. The Code Owners feature is integrated into approval rules, so you can always quickly find the right people to review changes.


By default, approval rules are disabled in 11.8; the instance administrator must enable them by running the Feature.enable(:approval_rules) command in the Rails console.


Approval rules are temporarily disabled on GitLab.com. They will be re-enabled after GitLab 11.8.1 is deployed. Follow this issue for updates.




Advanced Inter-Project Pipeline Triggers


Available in: PREMIUM, ULTIMATE, SILVER, GOLD


Starting with GitLab 9.3, you can create multi-project pipelines by starting a downstream pipeline through a call to the GitLab API in your job. In version 11.8, we added first-class support for starting a downstream pipeline with the trigger: keyword, which can be added to a bridge job to automatically start the downstream pipeline upon successful completion of the current one.





Improved squash commit messages


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


A Git history that is readable and useful to people in the future can be spoiled by small commits with one-line messages that fix bugs revealed by automated tests or make changes resulting from a discussion between developers.


When squashing commits, GitLab now fills in the squash commit message by default with the first multi-line commit message from the branch, and lets you override the final message so that you can update it to reflect any important changes.





Auto DevOps support for custom domains in a specific environment


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Auto DevOps allows you to quickly get started by adding a “base domain” to your projects. If your application is ready for deployment in a production environment, you may need additional domain names.


Use the ADDITIONAL_HOSTS environment variable to designate one or more additional domains for your application. To set them for a specific environment, prefix the variable with the name of the environment, i.e. <ENVIRONMENT>_ADDITIONAL_HOSTS.


We thank Aaron Walker for the contribution!





Function scale display for Knative functions


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Functions deployed with GitLab Serverless get all the benefits of Knative, such as scaling a service up and down to zero.


You can see the scale of your serverless application for each component hosted in Knative. The scale shows the current number of running Kubernetes pods.





Other improvements in GitLab 11.8


Determining the first day of the week


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Previously, GitLab calendars assumed that the week starts on Sunday. Users can now select Monday in their profile: this is reflected in the app when they select a date and on the distribution graph.


We thank Fabian Schneider for the contribution!





Scrolling the roadmap forward into the future and back into the past


Available in: ULTIMATE, GOLD


When you first open the roadmap, GitLab pre-selects a time period for you: a weekly, monthly or quarterly interval. Until now, the view was fixed, and epics outside the displayed area were hidden.


You can now scroll the roadmap forward into the future and back into the past. Epics that fall into these extended periods are displayed automatically, without reloading the page, which lets you easily see even more epics for the period you want.





Authentication by credentials from a smart card using LDAP


Available in: PREMIUM, ULTIMATE, SILVER, GOLD


Organizations that use smart cards as authentication tokens often use LDAP to centrally manage identity information. In version 11.8, we built on the smart card authentication added in version 11.6, so that users can authenticate with smart card credentials against a configured LDAP server.


GitLab's implementation uses the standard RFC 4523 schema and relies on the certificateExactMatch matching rule.
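To show what a certificateExactMatch lookup involves, here is an added example (not GitLab's own code) that builds the RFC 4523 assertion from a client certificate's serial number and issuer and escapes it for use in an LDAP search filter per RFC 4515. The function names, the sample certificate and the use of the standard userCertificate attribute are assumptions made for the illustration.

```ruby
require "openssl"

# RFC 4515: these characters must be escaped inside a filter's assertion
# value, otherwise an issuer DN containing "(" or "*" would change the
# structure of the search filter.
LDAP_FILTER_ESCAPES = {
  "\\" => "\\5c", "*" => "\\2a", "(" => "\\28", ")" => "\\29", "\x00" => "\\00"
}.freeze

def ldap_filter_escape(value)
  value.gsub(/[\\*()\x00]/) { |ch| LDAP_FILTER_ESCAPES.fetch(ch) }
end

# RFC 4523 string form of a CertificateExactAssertion:
#   { serialNumber <decimal>, issuer rdnSequence:"<issuer DN>" }
# The DN is rendered per RFC 2253; embedded double quotes are doubled.
def certificate_exact_assertion(cert)
  issuer = cert.issuer.to_s(OpenSSL::X509::Name::RFC2253)
  issuer = issuer.gsub('"', '""')
  %({ serialNumber #{cert.serial}, issuer rdnSequence:"#{issuer}" })
end

# Extensible-match filter asking the directory for the entry whose stored
# certificate has exactly this issuer and serial number.
# The attribute name is an assumption; adjust it to your directory schema.
def smartcard_ldap_filter(cert, attribute: "userCertificate")
  value = ldap_filter_escape(certificate_exact_assertion(cert))
  "(#{attribute}:certificateExactMatch:=#{value})"
end

# Constructed sample certificate. It is unsigned on purpose: only the
# serial number and issuer are read. The parentheses in the issuer
# exercise the filter escaping.
def sample_certificate
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 500
  cert.issuer = OpenSSL::X509::Name.new(
    [["O", "Example Corp (Test)"], ["CN", "Example Issuing CA"]]
  )
  cert
end

puts smartcard_ldap_filter(sample_certificate) if __FILE__ == $PROGRAM_NAME
```

Because the match is on issuer and serial number only, the directory lookup identifies the user; validation of the certificate chain itself has to happen before this step, at the TLS layer.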




Feature flag settings per environment


Available in: PREMIUM, ULTIMATE, SILVER, GOLD


You can now enable or disable feature flags separately for individual environments. Control this by creating a set of rules that match on the environment name. By default there is always the wildcard rule (*), but you can add further rules with other environment specs (for example, review/*).


In version 11.8.0, this feature must be enabled by running the Feature.enable(:feature_flags_environment_scope) command in the Rails console.





Upgrading the Kubernetes Runner application through the Kubernetes integration


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Running the latest version of applications deployed on Kubernetes gives you access to the latest features and maximum security.


GitLab 11.8 allows you to upgrade GitLab Runner deployed to Kubernetes with one click. Future releases will include a similar capability for other applications.





Tracking of recent user activity in GitLab now includes page views


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


GitLab includes the user attribute last_activity_on, which helps administrators understand when a user was last active. This is very useful for identifying active and inactive users.


To make sure read-only activity is reflected in last_activity_on, we extended it to be updated on visits to pages related to dashboards, projects, issues, and merge requests.




Display user activity and creation dates in the admin panel


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


For instance administrators, understanding the level of user activity in GitLab should not be difficult. Therefore, we added the user's creation date and the date of the user's last activity to the user area of the admin panel at /admin/users.


Learn more about the types of actions that GitLab regards as activity here.





Search for repository tags in a project using the API


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


You can now search for repository tags in a project using the Tags API. This greatly simplifies finding a specific tag in the project; if you are looking for related projects with a specific version tag, you can now find them easily.


Thanks to Robert Schilling for making a contribution!




Project tags are now project topics


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Project tags are a convenient way to organize related projects, but the term “tag” conflicts with Git tags. To solve the problem, we renamed project tags to project topics and adjusted how they are displayed on the project overview page.


We look forward to making topics more useful for finding projects by adding a topic filter to the projects dashboard in version 11.9.




Improved group overview with less white space


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


In version 11.8 we redesigned the group overview and increased its information density. We reduced the amount of white space on this page and reworked the user experience along the lines of the redesigned project overview.


This is the first step in a larger set of improvements to the group overview page, and we are pleased to continue working on it.





Improved project lists with increased information density


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


We responded to user feedback regarding the first change to the design of the project list — we increased the information density on this page with an additional column and reduced free space.





Redesigned related merge requests in issues


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


We have redesigned the related merge requests section in issues for visual consistency with related issues and a cleaner appearance.


We will add even more metadata to each row in a future release, so that users can view relevant information on merge requests faster and in context.





Child epics in the Epics API


Available in: ULTIMATE, GOLD


In the previous release, we introduced child epics, the ability to add epics to epics. This release also allows you to manage these epic relationships through the API, so you can now support custom workflows in your teams, including automated ones.




Managing group labels via API


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Now you can manage the labels of groups through the API, similar to the labels of projects, which contributes to the individual planning and implementation of processes in your teams.


Thanks to Robert Schilling for making a contribution!




Moving Auto DevOps Domain from CI / CD Settings to Cluster Settings


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Defining a base domain for Auto DevOps lets you take advantage of a number of useful features, such as Auto Review Apps and Auto Deploy. We have now simplified domain definition even further by moving it directly into the cluster settings. As a result, it is very easy to set the base domain when the cluster is created, and you can also define different domains for different clusters.





.html extensions are now automatically resolved for Pages


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


A file on a Pages website called /sub-page.html can now also be accessed as /sub-page, which gives you more options for how you present your website to users.




Predefined Pages Variables in CI


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


CI_PAGES and CI_PAGES_URL have been added as CI variables for Pages pipelines, which lets you see the Pages domain name and URL. This provides more flexibility when working with Pages deployed in several places.




TLS support in Gitaly


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Gitaly now supports TLS, so all communication between GitLab and Gitaly is encrypted if TLS is enabled. Previously, communication between GitLab and Gitaly was not encrypted and depended on the security of the network.




Adding tolerations to runners in Kubernetes


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Kubernetes offers an excellent way to abstract away the hardware used to run applications. However, some jobs require special hardware, including jobs that need more resources than others.


Kubernetes supports this through taints and tolerations, which take these factors into account when scheduling pods. We added native support for taints and tolerations in GitLab Runner to support these kinds of workloads.




Convenient transition between files when viewing changes in a merge request


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Reviewing large merge requests is difficult, in particular when moving from one file to another. The new file finder makes moving from one file to another painless, so you can quickly navigate through diffs using the keyboard.





Elasticsearch support in Gitaly


Available in: STARTER, PREMIUM, ULTIMATE


Previously, you had to use NFS to access Git on the file system when Elasticsearch was used. This release allows you to use Gitaly instead of NFS, which improves Git I/O performance.




Getting alerts from manually configured Prometheus instances


Available in: ULTIMATE, GOLD


In GitLab 11.3, we introduced support for setting up alerts; however, it was limited to Prometheus instances deployed through GitLab's integration with Kubernetes.


In GitLab 11.8, manually configured Prometheus servers can also send alerts to GitLab by simply adding GitLab as a webhook receiver in Alertmanager. When it receives an alert, GitLab sends emails to maintainers and owners.





Approval counts in the merge request list


Available in: STARTER, PREMIUM, ULTIMATE, BRONZE, SILVER, GOLD


Merge requests that are approved and ready to merge can now be easily spotted in the merge request list. The number of required approvals and the number of approvals received are now displayed in the list of merge requests.


We thank Andy Steele for the contribution!





Confidential issues for security vulnerabilities


Available in: ULTIMATE, GOLD


Users can create new issues to address security vulnerabilities from the security reports in the merge request, on the pipeline page and on the security dashboard. These issues contain sensitive details that should not be disclosed before a fix is available and released.


Starting from GitLab 11.8, issues created for a vulnerability are marked as confidential by default, and users can turn the option off if the information can be disclosed.




Removing unused tags from the container registry using the API


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Many organizations create containers for each commit in order to simplify the verification of code changes as well as the final deployment. This can lead to a large number of container tags that are used for a short period of time and are no longer required.


GitLab 11.8 now allows end users to clean up container registries using the API, removing tags individually or in bulk using regular expressions.




Forced redeployment when updating Auto DevOps application secrets


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


When you configure an application secret for Auto DevOps using the K8S_SECRET_ variable prefix, the corresponding Kubernetes secret is created for your application.


When these application secrets are updated, Auto DevOps redeploys the application with the updated secrets.


We thank Aaron Walker for the contribution!




Displaying the cluster environment in the list of serverless functions


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


The Serverless page has been enhanced and now groups the functions deployed to Knative by the cluster environment in which they are deployed.


In addition, the function description is now displayed along with action buttons for copying the function's endpoint and opening the endpoint in a new tab.




Providing Cert-Manager with the URL of Auto DevOps applications


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Cert-Manager offers an easy way to add HTTPS support for Auto DevOps applications. URLs longer than the 64 characters that Let's Encrypt supports by default are now supported as well, which gives applications more flexibility.




GitLab Runner 11.8


Available in: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


We also released GitLab Runner 11.8 today! GitLab Runner is an open source project that is used to run CI / CD jobs and send the results back to GitLab.


The most interesting changes :



A list of all changes can be found in the GitLab Runner change log: CHANGELOG.




Omnibus Improvements


Available in: CORE, STARTER, PREMIUM, ULTIMATE






: CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


GitLab GitLab .


GitLab 11.8 , - .



GitLab Chart


: CORE, STARTER, PREMIUM, ULTIMATE






Ruby 2.5


GitLab 11.6 GitLab Ruby 2.5. Omnibus GitLab GitLab Chart Ruby 2.5.3, Ruby 2.4 .


: 22 2018 .


Raspbian Jessie


GitLab 11.8 — Raspbian Jessie.


Jessie LTS , Raspbian Jessie image . Raspbian Stretch .


: 22 2019 .


Google OAuth2 SSO GitLab 11.7+


7 2019 Google API Google+. Google .


GitLab 11.7 API Google OAuth2, Google . GitLab 11.7 Google SSO .


Google OAuth2, 11.7 .


: 7 2019 .


Git GitLab 11.9


Git .


, , Git. GitLab 11.9 , .


, .


: 22 2019 .


Hipchat


Hipchat . GitLab Hipchat 11.9 .


: 22 2019 .


CentOS 6 GitLab Runner Docker


Runner CentOS 6 Docker GitLab 11.9 , Docker, CentOS 6. .


: 22 2019 .


System Info


GitLab GitLab admin/system_info , .


11.10 .


: 22 2019 .


GitLab.com Pages


GitLab.com , , ( 4 ). GitLab, , , . , , - . GitLab.com Pages 404, , .


: gitlab-ce#44696


: 22 2019 .


Prometheus 1.x Omnibus GitLab


GitLab 11.4 , Prometheus 1.0 Omnibus GitLab. Prometheus 2.0 , 1.0. 2.0 , , .


GitLab 12.0 Prometheus 2.0, . Prometheus 1.0 .


: 22 2019 .


TLS v1.1 12.0


GitLab 12.0 , TLS v1.1 . , Heartbleed, GitLab PCI DSS 3.1.


TLS v1.1, nginx['ssl_protocols'] = "TLSv1.2" gitlab.rb and gitlab-ctl reconfigure .


: 22 2019 .


OpenShift GitLab


gitlab helm chart — GitLab Kubernetes, OpenShift .


OpenShift GitLab GitLab 12.0 .


: 22 2019 .


GitLab Geo GitLab 12.0


GitLab Geo (race condition) . gitlab-ce#40970 .


11.5 Geo: gitlab-ee#8053 .


11.6 sudo gitlab-rake gitlab:geo:check , : gitlab-ee#8289 . Geo, , .


11.8 gitlab-ee!8433 “Admin Area › Geo › Nodes”, .


12.0 Geo -: gitlab-ee#8690 .


: 22 2019 .


List of changes


, :



Installation


GitLab, . GitLab .


Update


.


GitLab


GitLab : (SaaS) .


: .



SaaS — GitLab.com : , GitLab; .




Source: https://habr.com/ru/post/442144/

