GitLab kun je vergelijken met het bekendere GitHub, maar bevat een aantal subtiele verschillen. Het is een omgeving voor het beheren van Git-repositories on-premises. Het wordt uitgegeven onder de MIT Expat-licentie en ontwikkeld in Ruby on Rails. Het is beschikbaar in drie versies, namelijk de gratis te gebruiken Community Edition en twee betaalde Premium en Ultimate edities, met meer functies die op grote bedrijven zijn gericht. De verschillende smaken worden op deze pagina uiteengezet. Het ontwikkelteam heeft GitLab 13.12 uitgebracht met de volgende aankondiging: GitLab 13.12 released with On-Demand DAST and Deployment Frequency Chart This month, we are excited to introduce usability and pipeline management improvements that strive to make your teams more productive, updates to make your deployments more secure, and insights to make your DevOps adoption more mature. These are just a few highlights from the 44 improvements in this release. Helping you manage security before it manages you To ensure your production environment is always secure, On-demand DAST scanning is now generally available for all GitLab Ultimate customers. These on-demand scans will allow you to scan an already deployed application or API in any of your configured environments outside of a CI/CD pipeline i.e., without requiring any code changes or merge requests to start a scan. The Semgrep SAST analyzer for JavaScript, TypeScript, and Python is also generally available. Semgrep’s flexible rule syntax is ideal for streamlining the GitLab Custom Rulesets feature for extending and modifying detection rules, a popular request from GitLab SAST customers. It also allows GitLab customers access to Semgrep’s community rules. Thanks to the community contribution from @proletarius101, we are also extending the Mobile Application Security Testing to support .ipa (iOS) and .apk (Android) binary files, in addition to Xcode projects and Android manifest files that are already supported. Many customers integrate their existing scanners into GitLab to benefit from a unified view. The Project Vulnerability Report now gives you the ability to filter by scanner and vendor, allowing you to filter scan results for only third-party scanners or for all scanners including those from GitLab. Application Security is a key focus area for GitLab for this year and your feedback is important to us. As the preference of web application development shifts rapidly towards building JavaScript-heavy and single-page applications, we have identified a need for a purpose built tool that provides more application testing coverage than a traditional proxy based crawler. We are inviting GitLab Ultimate customers to a public beta for a new browser-based crawler for DAST which is expected to provide significantly better security testing coverage for these modern applications compared to our current proxy-based crawler. Easier pipeline management for enhanced usability Pipelines are at the heart of our customers’ CI/CD success, and we want to make it easier to use for new and experienced users of GitLab. The pipeline editor will now come with a collapsible panel of guided instructions that will help new CI/CD users create their first pipeline in a breeze. For experienced CI/CD users that require more flexibility in creating their pipelines, we are now supporting wildcards in the include: keyword that will help you break your .gitlab-ci.yml file into multiple smaller files to improve reusability and readability. We also introduced the ability to define variables within rules, giving you the flexibility to set pipeline variables when certain conditions are met. Defining complex pipelines means there could be dependencies between jobs. The pipeline graph now shows dependencies between jobs, which is helpful to visually track and understand the expected order in which the jobs will be run. Insights to improve your DevOps maturity You cannot fix what you cannot measure. In that spirit, we are continuing to natively support DORA4 metrics. We are happy to announce the introduction of a group-level deployment frequency chart, which will help you understand the efficiency of your deployments over time, find bottlenecks, and focus on improvement areas that span across your projects and teams. Value stream analytics help you identify inefficiencies and identify the root cause of those inefficiencies in your workflow. In 13.12, we have introduced pagination and sorting of workflow items, which allows you to easily visualize and sort items in a specific stage to pinpoint bottlenecks. The Days to Completion chart has been updated to show the average time to completion, which helps identify meaningful trends over time. In this release, thanks to the community contribution from @leetickett, we introduced the ability to view a time tracking report within an individual issue or merge request to provide visibility into how much time each contributor spent. For many of our customers, merge requests are the central space for collaboration. We have introduced the ability to see code quality violations and screenshots of failed tests within the merge request to give you necessary context as a part of your normal workflow within GitLab. And so much more! We continue to invest in improving the product usability in every release. Some of our favorite quality of life improvements in 13.12 include: