GitLab 12.9 improves code quality reports and secrets storage
The newest monthly update for the complete DevOps platform is here with new features for paid and free users alike. GitLab 12.9 includes Code Quality Reports and a new security method that allows users to leverage HashiCorp Vault to securely manage secrets and keys.
The new update includes a new way to leverage HashiCorp Vault and secure your applications with Secrets Management, Code Quality Reports, and much more.
🆕 GitLab 12.9 released with Vault App, Code Quality Reports and Group Deploy Tokens! Enjoy! 🥳🎊https://t.co/VWx7yDtPBX
— GitLab (@gitlab) March 22, 2020
New security features
12.9 includes better secrets management. Users can now install HashiCorp Vault within a Kubernetes cluster in order to manage secrets, keys, and tokens at the Helm level. The new secrets management update is available for all users, including those using the free version of GitLab.
In addition to this, Ultimate and Gold users can now receive suggested solutions for security vulnerabilities in Container Scanning. When Container Scanning detects a vulnerability, it will offer a suggestion on how to remediate it where applicable. Select ‘resolve with merge request’ and submit the generated request.
Group Deploy Tokens
Available for all users, GitLab now supports deploy tokens beyond the project-level scope. This enhancement will help improve security in the Container Registry and make it easier than ever to manage deploy tokens.
From the release blog by Larissa Lane:
With GitLab 12.9, managing deploy tokens in bulk is now more efficient, as we are not only introducing deploy tokens at the group level but also APIs to create, list and revoke deploy tokens. If a specific project requires to use different tokens, project-level deploy tokens override group level deploy tokens.
Read more about this new feature in the documentation.
Code Quality Report
The Full Code Quality Report expands upon the code quality feature already present in Merge Requests.
It displays potential code quality issues and suggests how to fix the problem, ensuring flaw-free, high-quality code. The entire JSON report is available as a downloadable artifact and in the CI/CD pipelines.
View the documentation to learn more and help provide feedback for this feature.
New features for free users
GitLab Free users get a few additional enhancements, including:
- Release Progress View: Get an at-a-glance view of release progress with a percentage bar, the number of open, closed, and in-progress issues, and more important information.
- Dynamically generate child pipelines: Use
- Template for deploying your application to AWS Elastic Container Services (ECS)
- Up to date deployment jobs: Skip outdated jobs when running a pipeline to avoid potentially overriding newer deployment jobs with older ones.
- Manage Web Application Firewall Controls: Turn this on and off under Operations -> Kubernetes.
- Dynamic environment support: The new report artifact, dotenv, allows users to use Review Apps in dynamic environments.
GitLab for remote work
All of GitLab’s staff are practicing safe habits and working remotely. According to GitLab, it is the “largest all-remote company in the world”. Now is a great time to learn from the best and find out how GitLab functionality can turn your home office team into a productive remote taskforce.
Check out some of their tips and resources for working away from the office and help flatten the curve!