Every month teams at Gitlab release an update with lots of bug fixes & feature improvements.In this month’s release of version 10.5 in Gitlab, they have added capabilities which include – encrypting GitLab traffic more efficiently, improvements on application security, scaling CI/CD management.
HTTPS is one pillar of internet security and a must-have if your GitLab instance is exposed to the web. What does it do, you ask? It mainly provides two important benefits. Firstly, your traffic is encrypted to and from the server, protecting credentials & other sensitive data from getting misused. Secondly, it will allow users to verify the site identity. Without a verified identity it’s possible for users to log into the wrong site. These capabilities are mainly important for mobile and remote users, who often use unsecured Wi-Fi increasing the risk of interacting with a malicious site.
Although HTTPS provides great security, setting up HTTPS and requesting certificates can be a hassle involving credit cards and key management.
Gitlab now has integrations with Let’s Encrypt. Let’s Encrypt is a free, automated, and open certificate authority. With this integration enabling SSL certificates is instant. Enabling Let’s Encrypt on your GitLab instance ensures traffic to your GitLab instance is encrypted and the identity of your site is verified. The Let’s Encrypt integration is now available on both paid and open source GitLab.
Running DevOps in an enterprise environment comes with a lot of complex challenges. In larger organizations, DevOps team is the team which is responsible for providing CI/CD pipelines to a large number of development teams throughout the organization.
In the recent years, this was a tedious process to manage. There wasn’t a scalable way to distribute reusable pipeline configuration which meant code needed to be manually copied between multiple .gitlab-ci.yml files in multiple projects. This was a labor-intensive and error-prone process. Additionally, it didn’t provide adequate controls to ensure testing and deployment is consistently enforced for each repo.
Other enhancements in this release include
If you remember, last month GitLab acquired Gemnasium. Gitlab has now enabled Gemnasium’s advanced dependency-checking functionality to its users. GitLab is providing a single application architecture so that your devs, QA, security, and operations can work concurrently off the same data in the same interface. For this reason, Gemnasium’s technology is now integrated into GitLab CI/CD, supercharging security testing.
If you are interested in getting a license for Gitlab, we at Lyra can help. Get in touch with us and we will help you out with the editions and the pricing!