“GitLab’s vision for generative AI is grounded in privacy, security, and transparency. Our partnership with Google Cloud enables GitLab to offer private and secure AI-powered features, while maintaining customer data in our cloud infrastructure,” said David DeSanto, chief product officer at GitLab. “This allows us to harness the power of Google Cloud, while continuing GitLab’s privacy-first approach to customer data. We look forward to our continued collaboration to deliver enterprise-grade AI-assisted functionalities to joint customers.” 

One of the new features is called “Explain this Vulnerability,” which provides natural language descriptions of vulnerabilities and also offers recommendations on what to do about them.

GitLab also has some existing AI features in its platform, such as Code Suggestions and Suggested Reviewers. There are also developer productivity features like Explain this Code, Summarize Issue Comments, and Summarize Merge Request Changes. 

The hope that GitLab has with this partnership is to improve “DevSecOps workflow efficiency by 10x.” According to a recent survey by the company, 62% of developers used AI to check code in 2023, which was up from just 51% in 2022. They also found that 36% use AI for code review. 

“Organizations today are required to deliver software faster than ever before to remain competitive while requiring a stronger security posture in order to maintain customer, investor, and stakeholder trust,” said June Yang, VP of Cloud AI and Industry Solutions at Google Cloud. “Together with GitLab, we’ll be able to deliver generative AI functionality that empowers our joint customers to increase delivery velocity without sacrificing security.”

The post GitLab and Google Cloud partner to add generative AI to DevSecOps workflows appeared first on SD Times.

The company’s aim behind the improvements is to help fill the skills gap since security engineers are outnumbered and 85% of respondents to a 2023 GitLab Global DevSecOps Report: Security Without Sacrifices report said their security budgets are flat or reduced. 

“We believe in a simple mantra: Velocity with guardrails. Artificial intelligence technologies and automation solutions accelerate code creation and, when paired with a comprehensive DevSecOps platform, create the security and compliance guardrails that every company needs,” GitLab stated in a blog post. 

Code Suggestions, which can improve developer productivity without context switching and within a single DevSecOps platform, is free for all Ultimate and Premium Customers in the Beta.

The recently introduced Value Streams Dashboard offers decision-makers valuable insights into metrics that can help them recognize patterns and trends, enabling them to optimize software delivery. The dashboard takes into account the DORA metrics and tracks the flow of value delivery across various projects and groups, providing strategic insights that can aid in improving the overall software delivery process.

In addition to other features, users of GitLab can establish license policies and examine software licenses for compliance. The scanner tool can retrieve license information from packages that are dual-licensed or have multiple licenses that apply. Moreover, it can identify more than 500 types of licenses, which is a significant improvement from the previous capability of identifying only 20 types of licenses. 

With the help of license approval policies, organizations can minimize the risk of using unapproved licenses, which can save them time and effort that would otherwise be needed to manually ensure compliance.

GitLab also stated that it now automatically revokes PATs leaked in public GitLab repositories to mitigate the risk of a developer mistakenly committing a PAT into their code. Leaked secrets in public projects can be responded to by revoking the credential or notifying the vendor who issued it. 

The company said that there will be more guardrails coming in 2023. One is group and subgroup dependency lists that provide users with a simple way to view their projects’ dependencies. Other capabilities will include continuous container and dependency scanning, management tools for compliance frameworks, and SBOM ingestion to import CycloneDX files from third-party tools. 

The post GitLab announces new AI-powered capabilities appeared first on SD Times.

Approval by multiple users is a new feature itself. Previously if you did have that requirement you would have to create an approval rule and now it is handled by the Code Owners file. Approval rules apply to entire branches, but Code Owners rules can be applied to specific parts of code.  

“So, the multiple approvals would have also been required for changes that do not need a high level of scrutiny leading to unnecessary reviews,” explained Christen Dybenko, senior product manager at GitLab, wrote in a blog post. 

Another update to do with approvals is license approval policies, which is intended to replace the deprecated License-Check feature, though GitLab has stated the two can be used simultaneously.

With license approval policies, users can choose who can edit them, multiple policy rules can be created and chained together, a two-step approval process can be enforced, and a single set of policies can be applied to multiple projects.

GitLab 15.9 also introduces a new method for detecting licenses. It can parse through and identify over 500 licenses. It can extract information from packages that contain multiple licenses as well. 

Among the new updates in 15.9 is the ability for administrators to grant people with the role of Guest to view private repository content. Previously guests wouldn’t have been able to actually view the code.

Another update is that notifications are now available in the GitLab for Slack app. Users can specify which Slack channels to notify based on merge request changes, push events, issue changes, and other GitLab events.

This means the current Slack notifications integration is being deprecated and will be removed to enable the company to focus entirely on GitLab for Slack. 

There is also a closed beta for GitLab Code Suggestions, which provides suggestions for snippets of code or line completions. 

Other new features to look for in GitLab 15.9 include timestamps on incident tags, OpenID Connect, and removal of character limitations in unexpanded masked variables.

The post GitLab 15.9 introduces new approvals process appeared first on SD Times.

It gets rid of location, device, and complex toolchain barriers to keep workflow distractions down to a minimum. 

“For developers, frequent context-switching between different environments, navigating complex and extensive toolchains, and managing a local development environment can create friction,” GitLab wrote in a blog post. “GitLab Remote Development helps organizations better support developers by enabling them to spend less time managing their development environment and more time contributing high-quality code.”

The core of GitLab Remote Development is the Web IDE Beta, which allows users to safely connect to a remote development environment, execute instructions in a terminal panel, and get immediate feedback right in the Web IDE. 

The Web IDE Beta uses a more sophisticated VS code interface and can carry out several of the most frequent tasks on the current Web IDE, such as committing changes to multiple documents and analyzing merge request diffs.

GitLab’s roadmap for Remote Development includes provisioning instances of remote development environments on demand in the customer’s choice of the cloud provider and allowing teams to share complex multi-repo environments.

Users will also be able to connect from many IDEs such as VS Code, JetBrains, Vim, or the Web IDE and access advanced security tools, authorization, reports, and audit logs.

The post GitLab announces Remote Development to reduce context switching distractions appeared first on SD Times.

According to GitLab, this new Web IDE is more user-friendly and efficient. It combines VS Code’s core features along with heightened performance and the ability to securely connect to a remote development environment straight from the Web IDE.

GitLab.com users can expect the new Web IDE Beta by default on December 19, 2022 with no installation necessary. 

For self-managed users, the Beta version will be available as a part of the GitLab 15.7 release, which is coming on December 22, 2022. It will be behind a feature flag that can be enabled by administrators on an instance-level. 

Some key features include: 

• A customizable interface with collapsible panels and custom themes 
• Contextual actions and drag and drop support in the file panel 
• Find and replace across open files 
• An interactive document outline and visual history panel
• A reduction in memory usage over the last Web IDE
• Improved reliability of tracking changes to files and directories 
• Better support for touchscreen devices 

Lastly, the beta version offers users a new category to GitLab by allowing them to securely connect to a remote development environment, run commands in an interactive terminal panel, and get real-time feedback from inside the Web IDE. 

For more information on this beta release, visit the website. 

The post GitLab announces beta of its new Web IDE appeared first on SD Times.

It provides advanced features such as automated backups, high availability, and automation of operations. It also offers a managed environment for hosting and managing Kubernetes clusters.

GitLab Dedicated can serve as an enterprise DevSecOps platform with the added focus on data residency, isolation, and private networking to meet compliance needs, according to the company in a blog post. This need is prevalent with large enterprises and companies in regulated industries. Organizations can choose cloud regions that work for them and regional requirements.

“GitLab Dedicated is not only single-tenant, region-based, and privately connected, but it’s also managed and hosted by GitLab and deployed in the customer’s cloud region of choice. Organizations can quickly realize the value of a DevSecOps platform without requiring staff to build out and manage infrastructure,” David DeSanto, VP of product at Gitlab wrote in the blog. “Organizations get all of the benefits of GitLab — shorter cycle times, lower costs, stronger security and more productive developers — with lower total cost of ownership and quicker time to value than hosting themselves.”

As GitLab scales this new offering, it is making GitLab Dedicated available by inviting customers to join the waitlist. 

The post GitLab Dedicated serves as single-tenant SaaS solution appeared first on SD Times.

“We believe that it should be trivial to deploy web applications (and other workloads) from GitLab to major cloud providers. To support this effort, Cloud Seed makes it simple and intuitive to consume appropriate Google Cloud services within GitLab,” GitLab wrote on the project’s documentation page. 

While it is initially available for Google Cloud, GitLab hopes to work with every major cloud provider to extend it to those platforms as well.

GitLab users can use the interface to set up automated deployments to Google Cloud Run, and all Git commits, branches, and tags will be deployed to the proper Cloud Run environment. 

It can also be used to provision Google Cloud SQL databases, with support for all major versions of PostgreSQL, MySQL, and SQL Service. 

To learn more, visit the Cloud Seed website. 

The post SD Times Open-Source Project of the Week: Cloud Seed appeared first on SD Times.

Also included in this release are improvements intended to speed up the user’s workflow in the WYSIWYG Markdown editor for their wikis.

According to the company, there will be no more un-styled, monochrome code blocks. Users will choose from 100+ languages in the dropdown list above the code block so the CSS, YAML, and Python code are separate from each other with accurate syntax highlighting. 

Editing links and images in the WYSIWYG editor has also become easier with a new popover menu that appears when the user selects a link or attached image. 

Additionally, Advanced Search is now compatible with the open-source Elasticsearch fork, OpenSearch, allowing customers to take full advantage of OpenSearch for Advanced Search. 

GitLab 15.0 also brings the ability for a group to manage several sets of concurrent iterations with iteration cadences. This works to allow each team to have control over the start day and duration of each iteration in their iteration cadence. 

Another key feature is internal notes that enable teams to redact certain discussions containing internal or customer data that should only be visible to specific users, while keeping the core details about the issue public. 

Internal notes in issues or epics can be seen only by the issue author, assignee, and group or project members with at least the Reporter role. 

This release also offers users the capability to use nested CI/CD variables with environments in pipeline configuration. Users can nest variables inside other variables and have them all expand in the way they expect, increasing the flexibility of dynamic environments. 

To learn more about GitLab 15.0 and the improvements that come with it, see here, or register for the launch event.

The post GitLab 15.0 is now available appeared first on SD Times.

This update supports linking epics using “related,” “blocking,” or “blocked” relationships, allowing users to track and manage epic dependencies across GitLab groups. According to GitLab, this works to reduce variability and increase predictability in delivering value.

GitLab 14.9 also enables users to use rule mode when designing and editing scan result policies without the need to edit the policies YAML directly. This results in simplicity when creating and managing merge request approval rules that are triggered based on a certain threshold of vulnerabilities.

Additionally, the Deployment Approval capability is now available in the GitLab interface. This allows deployment approvers to view a pending deployment and approve or reject it right from the Environments page.

With this, there has also been an update to the Environments page. Users can now see the status of their latest deployment, the status for variable environments, and which commits have already been deployed. 

In order to help data teams continuously improve their stability metrics, GitLab 14.9 also brings API support for Time to Restore Service.

Finally, with the new integrated security training functionality, developers can quickly review targeted, context-related training in order to address security issues as a part of their normal workflow.

For more information on this release, click here.

The post GitLab 14.9 now generally available appeared first on SD Times.

This integration will work to enhance real-time secure coding guidance, which is an important piece of the process of detecting and fixing vulnerabilities.

“Developers are expected to deliver code faster than ever before, which can make security oftentimes an afterthought. However, if developers can get actionable secure coding guidance throughout their workflows, they’ll be enabled to find and fix vulnerabilities whilst taking their security knowledge to the next level. We’re proud to partner with GitLab to give millions of developers an easier pathway to make this a reality,” said Pieter Danhieux, co-founder and CEO of Secure Code Warrior. 

This partnership is geared at further embedding security into the developer workflow in order to ensure a higher standard of code quality. 

According to the companies, with this integration, organizations will be able to implement security best practices in a way that makes sense to developers. This will help to increase developer productivity as well as the quality and safety of code. 

“Security has become top of mind for many organizations; however, software development teams still contend with increasingly complicated security policies and sophisticated tools just to prevent potential vulnerabilities from slipping into production,” said Nima Badiey, vice president of global alliances at GitLab. “By offering Secure Code Warrior’s contextual learning across secure coding in our DevOps Platform, we provide another tool for developers to utilize as they take more ownership and control of establishing security practices earlier in the development chain.” 

To learn more about Secure Code Warrior’s partner program, click here. 

The post Secure Code Warrior launches GitLab integration appeared first on SD Times.