GitLab 11.9 arrives with Secret Detection and newly open sourced ChatOps
In light of a new academic study that found over 100,000 GitHub repos with leaked API tokens and cryptographic keys, GitLab introduces with the 11.9 release secret detection as part of the SAST functionality to reassure its users. Let’s take a look at this new feature along with some other interesting highlights.
Consistent as always, Gitlab is back with another monthly update.
Among other important features, GitLab 11.9 brings an important update on leaked secrets.
Earlier this month, an academic study titled “How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories” was published. In this study, researchers from the North Carolina State University (NCSU) scanned billions of files from 13% of all GitHub public repositories over a period of six months and revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with thousands of new repositories leaking new secrets on a daily basis.
Quick to follow up on this study and reassure its users, GitLab introduces secret detection as part of the SAST functionality.
Let’s have a look at this new feature and some of the most interesting updates in this release.
Detect secrets and credentials in the repository – A new check called Secret Detection. It scans the content of the repository to find API keys and other information that should not be there. GitLab displays results in the SAST report in the merge request widget, pipelines reports, and the security dashboards.
Move ChatOps to Core – GitLab ChatOps provides the ability to trigger GitLab CI jobs from Slack by using the slash commands feature. This feature is now open source in alignment with the buyer-driven tier designation to encourage its use and contribution by the community.
Vulnerability remediation merge request – Now, remediation can be done without leaving the GitLab web interface. You can create a merge request directly from the vulnerability details window and this new branch will already contain the fix. You can then check if it solves the problem, and merge it into your original branch if the pipeline is green.
Container Scanning results in the group security dashboard – Container Scanning results are added to the dashboard, along with the already present SAST and Dependency Scanning findings. You now have a complete view in a single place, no matter the source of the problem.
CI/CD templates for security jobs – The Gitlab team ships built-in templates for all the security jobs, like
dependency_scanning, that are compatible with the GitLab version they come with. You can now include them directly into your configuration, and have them updated with your system every time you upgrade to a new version of GitLab, without any change to any pipeline configuration.
And as always, that is not all! There are several other improvements featured in the 11.9 release.
Here are some highlights:
- Project templates for .NET, Go, iOS, and Pages
- Reorder child epics
- Edit Knative domain post-deployment
- Validate Kubernetes CA certificate format
- GitLab self-monitoring with Grafana
- YouTrack integration
- De-duplicated Git objects for public forks (Beta)
- Simplify .gitlab-ci.yml on serverless projects
- Restrict JupyterHub login access only to group/project members
- Add Auto DevOps build job for tags
- SAST for TypeScript
- SAST for multi-module Maven projects
- GitLab Runner 11.9
Head over to the release notes to look at the extensive list of improvements, as well as all the information on the new features.