GitLab 12.9 improves code quality reports and secrets storage

March 23, 2020

GitLab's consistent monthly updates continue with the arrival of GitLab 12.9, released on March 22, 2020.

The new update includes a new way to leverage HashiCorp Vault and secure your applications with Secrets Management, Code Quality Reports, and much more.

New security features

GitLab 12.9 includes better secrets management. Users can now install HashiCorp Vault within a Kubernetes cluster in order to manage secrets, keys, and tokens at the Helm level. The new secrets management update is available for all users, including those using the free version of GitLab.

Find out how to install and manage applications in the documentation. Current HashiCorp Vault users can bring forward their own integration.

In addition to this, Ultimate and Gold users can now receive suggested solutions for security vulnerabilities in Container Scanning. When Container Scanning detects a vulnerability, it will offer a suggestion on how to remediate it where applicable. Select ‘resolve with merge request’ and submit the generated request.

Group Deploy Tokens

Available for all users, GitLab now supports deploy tokens beyond the project-level scope. This enhancement helps improve security in the Container Registry and makes it easier than ever to manage deploy tokens.

From the release blog by Larissa Lane:

With GitLab 12.9, managing deploy tokens in bulk is now more efficient, as we are not only introducing deploy tokens at the group level but also APIs to create, list and revoke deploy tokens. If a specific project requires to use different tokens, project-level deploy tokens override group level deploy tokens.

Read more about this new feature in the documentation.

Code Quality Report

[Image: Finding code quality issues in the new feature.]

The Full Code Quality Report expands upon the code quality feature already present in Merge Requests.

It displays potential code quality issues and suggests how to fix the problem, ensuring flaw-free, high-quality code. The entire JSON report is available as a downloadable artifact and in the CI/CD pipelines.

View the documentation to learn more and help provide feedback for this feature.

New features for free users

[Image: Keep track of issues in the Release Progress View.]

GitLab Free users get a few additional enhancements, including:

  • Release Progress View: Get an at-a-glance view of release progress with a percentage bar, the number of open, closed, and in-progress issues, and more important information.
  • Dynamically generate child pipelines: Use .gitlab-ci.yml.
  • Template for deploying your application to AWS Elastic Container Services (ECS)
  • Up to date deployment jobs: Skip outdated jobs when running a pipeline to avoid potentially overriding newer deployment jobs with older ones.
  • Manage Web Application Firewall Controls: Turn this on and off under Operations -> Kubernetes.
  • Dynamic environment support: The new report artifact, dotenv, allows users to use Review Apps in dynamic environments.

GitLab for remote work

All of GitLab’s staff are practicing safe habits and working remotely. According to GitLab, it is the “largest all-remote company in the world”. Now is a great time to learn from the best and find out how GitLab functionality can turn your home office team into a productive remote taskforce.

Check out some of their tips and resources for working away from the office and help flatten the curve!

The post GitLab 12.9 improves code quality reports and secrets storage appeared first on JAXenter.