🧑🏾 🌄 💈 GitLab 13.12 publié avec DAST à la demande et graphique de la fréquence de déploiement 📐 ✳️ 🖕🏾

Une image pour attirer l'attention

Ce mois-ci, nous sommes ravis de présenter des améliorations de la gestion des pipelines et de la convivialité pour vous rendre plus productif, ainsi que des mises à jour de sécurité et des analyses pour vous aider à mettre en œuvre DevOps à un niveau beaucoup plus élevé. Et ce ne sont que les principales des 44 améliorations de cette version !

Gérez la sécurité jusqu'à ce qu'elle commence à vous gouverner

Pour contribuer à la sécurité de vos environnements de production, nous mettons les analyses DAST à la demande à la disposition de tous les utilisateurs du plan Ultimate. Le lancement manuel des analyses vous permet de vérifier les applications ou API déjà déployées dans n'importe lequel de vos environnements configurés en dehors du pipeline CI / CD (dans la localisation russe de GitLab "assembly line"), c'est-à-dire sans modifications du code et sans demandes de fusion (dans la localisation russe de GitLab, "demandes de fusion").

SAST Semgrep JavaScript, TypeScript Python . Semgrep , GitLab SAST. , GitLab Semgrep. @proletarius101 .ipa

(iOS) .apk

(Android), Xcode Android-.

GitLab, . , , GitLab.

— GitLab , . - JavaScript , DAST, , -. GitLab Ultimate - . .

— CI/CD, , GitLab. , CI/CD .

CI/CD, , include:

, .gitlab-ci.yml

. , . , ; , .

DevOps

, . , DORA4. . , , .

(Value Stream Analytics) , , . 13.12 , . « » (Days to Completion) , .

@leetickett , -. , .

- . - , GitLab.

!

GitLab. 13.12:

, ! , , 14.0.

REMOTE GitLab, .

Badge GitLab MVP

MVP — Lee Tickett

Lee : . , , , . .

Lee - GraphQL API: - - GraphQL.

, Lee!

GitLab 13.12

DAST-

(SaaS: ULTIMATE; self-managed: ULTIMATE) DevOps: Secure

, DAST (Dynamic Application Security Testing, ) ! , API . 13.11 DAST- , URL-, - API. , 13.9, , , 13.10! , GitLab.

, , , DAST- . , . , , , — .

Lancement DAST GA à la demande

DAST- .

GitLab CI/CD

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify

CI/CD- GitLab , CI/CD. , GitLab, . , .

Informations utiles sur GitLab CI / CD dans l'éditeur de pipeline

YAML

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify

includes:

CI/CD .gitlab-ci.yml

, . . , . *

includes:

. includes:

, . , GitLab.

Prise en charge des caractères génériques lors de l'inclusion des fichiers de configuration YAML CI / CD

includes

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify

CI/CD-, . .

needs

, , . , , .

13.12 , - needs:

. , , . needs:

.

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify

GitLab end-to-end , Selenium, . , , , . , - , , .

- . , , .

Échec des captures d'écran du test dans le rapport de test

-

(SaaS: ULTIMATE; self-managed: ULTIMATE) DevOps: Verify

, . -, - IDE. .

- , . GitLab, — .

Code quality violation notices in MR diffs

CI/CD

(SaaS: ULTIMATE; self-managed: ULTIMATE) DevOps: Release

DORA4 GitLab . , , , . , , .

Group-level deployment frequency CI/CD chart

GitLab 13.12

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Manage

, . , , , . , , .

. , . — .

Added total group and project count to admin users table

(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Manage

(Value Stream Analytics) . , production. , - .

, , . .

Improvements to the deployment metrics in Value Stream Analytics

(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Manage

20 . .

, , . , , Code, .

View and sort stage items in a value stream

(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Manage

, , , . , , .

View the number of workflow items in a value stream stage

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify

, . , , .

Pipeline status widget in the pipeline editor

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Package

GitLab . .

, , . GitLab 13.12 , .

GitLab API > (Settings > Packages & Registries) GitLab. . !

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Secure

GitLab . , , GitLab , CI. - , , , SAST.gitlab-ci.yml

template GitLab. .gitlab-ci.yml

, , GitLab CI, , GitLab CI.

Configuration tool for Secret Detection

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Secure

GitLab 13.5 (SAST) Android iOS. SAST Xcode Android. @proletarius101 GitLab SAST .ipa (iOS) .apk (Android), . GitLab SAST. , , CI . , , .

SAST .

Semgrep — SAST JavaScript, TypeScript Python

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Secure

GitLab 13.11 Semgrep — SAST JavaScript, TypeScript Python. [ ]https://habr.com/ru/post/557168/#gitlab--semgrep-obnovlyaem-sast-i-zakladyvaem-osnovu-na-buduschee) r2c, , Semgrep — . -, , Semgrep.

13.12 CI SAST.gitlab-ci.yml

JavaScript TypeScript — ESlint. ESLint, Semgrep. , . SAST.gitlab-ci.yml

, , Semgrep, , CI SAST, CI.

GitLab, r2c , . Semgrep , . , .

SAST .

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Release

— , . .

Deleting deploy keys will inform the user if in use

GitLab Pages

(self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Release

GitLab Pages ZIP- 14.0, 13.11. . , . GitLab 13.12 . . , .

ZIP- .

`release:`

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Release

GitLab 13.2 release:

release-cli. release:

, .gitlab-ci.yml

.

release: keyword supports asset links

GitLab

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Configure

, GitLab GitLab 13.9 GitLab 14.0, 22 . , , .

GitLab .

(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Monitor

. , GitLab, . , .

Warn administrator when removing an on-call user

Geo PostgreSQL (-)

(self-managed: PREMIUM, ULTIMATE)

Patroni — PostgreSQL, PostgreSQL Geo. , , . , .

Geo - PostgreSQL Patroni. Patroni, , .

Patroni .

Geo Terraform

(self-managed: PREMIUM, ULTIMATE)

Geo Terraform. , . Geo , .

Geo, .

(FLoC)

(self-managed: FREE, PREMIUM, ULTIMATE)

(FLoC) — -, cookie . . FLoC Chrome .

GitLab 13.12 FLoC GitLab. FLoC, .

FLoC .

(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Manage

. , , . . , .

Enforce delayed project removal for all subgroups

(self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Manage

, . , .

, , , , - . , , , - GitLab.

Users' group counts now displayed in Admin Area

(SaaS: PREMIUM, ULTIMATE; self-managed: PREMIUM, ULTIMATE) DevOps: Manage

« » , , . , , .

, .

View average time to complete workflow items

« » .

-

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Plan

, -, "/spend", , . -. , , (Time tracking report) , , -. @leetickett !

Time tracking reports for issues and merge requests

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify

GitLab , - . , .

, , .

, , , .gitlab-ci.yml

.

'workflow:rules' CI/CD

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Verify

rules

, . 13.8, variables

rules

, . workflow: rules

, , . .

Support variables in CI/CD pipeline 'workflow:rules'

CI/CD .

API

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Package

GitLab . , Maven npm. CI, . , , .

GitLab 13.12 GitLab . . .

GitLab 13.12 API , , . CI . , .

(SaaS: ULTIMATE; self-managed: ULTIMATE) DevOps: Secure

GitLab , . Secure, . API . GitLab . (SAST, DAST), .

. (, SAST), GitLab, . .

Filter Project Vulnerability Report by vendor name

DAST (-)

(SaaS: ULTIMATE; self-managed: ULTIMATE) DevOps: Secure

, 13.12 - . -, DAST, . JavaScript , . - JavaScript, , JavaScript. .

. , , . DAST .

. 327394 @derekferguson

. DAST .

DAST .

SAST

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Secure

SAST ( ) GitLab , GitLab . , 13.12. , .

MobSF 3.4.3: -, .
nodejs-scan 0.2.6: -, .
GitLeaks 7.5.0: -, .
pmd-apex 6.34.0: -, .
Spotbugs 4.2.3: -, .

GitLab SAST (SAST.gitlab-ci.yml), , . , CI, CI.

SAST .

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Release

13.12 API , , , — . REST API. Devin Christensen !

API .

CI- Pages: Gatsby

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Release

Gatsby « ». . , . Takuya Noguchi , GitLab, Gatsby, .

CI- Pages .

Elastic Stack

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Configure

, Gitlab, Elastic Stack , GitLab. , Elastic Stack , GitLab.

Elastic Stack GitLab. , , GitLab.

Elastic Stack .

API

(SaaS: FREE, PREMIUM, ULTIMATE; self-managed: FREE, PREMIUM, ULTIMATE) DevOps: Monitor

. GitLab API. GitLab 13.12 issue_type

REST API GitLab type

GraphQL API GitLab. API , issue_type

incident

(REST API) type

INCIDENT

(GraphQL API).

Geo LFS

(self-managed: PREMIUM, ULTIMATE)

Geo LFS, Geo LFS. 200 . LFS ( ). Geo, , Geo.

Geo .

Geo

(self-managed: PREMIUM, ULTIMATE)

Geo PostgreSQL . Geo . Geo PostgreSQL Geo. , , , PostgreSQL, .

PostgreSQL .

Elasticsearch

(self-managed: PREMIUM, ULTIMATE)

Elasticsearch GitLab Elasticsearch, URL- http(s)://<username>:<password>@<elastic_host>:<elastic_port>/

. GitLab. , , , , GitLab .

Dans cette version, nous fournissons des champs de saisie séparés pour le nom d'utilisateur et le mot de passe Elasticsearch, et le mot de passe est masqué pour empêcher les utilisateurs de voir ses caractères sous forme de texte brut.

Masquer le mot de passe Elasticsearch dans l'interface utilisateur d'administration

Documentation de configuration Elasticsearch et ticket original .

Vous pouvez trouver le texte complet de la version et les instructions de mise à jour/d'installation dans le message original en anglais : GitLab 13.12 publié avec le DAST à la demande et le graphique de fréquence de déploiement

.

Nous avons travaillé sur la traduction de l'anglais cattidourden, maryartkey, ainoneko et rishavant...

GitLab 13.12 publié avec DAST à la demande et graphique de la fréquence de déploiement

Gérez la sécurité jusqu'à ce qu'elle commence à vous gouverner

DevOps

!

MVP — Lee Tickett

GitLab 13.12

DAST-

GitLab CI/CD

YAML

-

CI/CD

GitLab 13.12

Semgrep — SAST JavaScript, TypeScript Python

GitLab Pages

release: (adsbygoogle = window.adsbygoogle || []).push({}); (adsbygoogle = window.adsbygoogle || []).push({}); (adsbygoogle = window.adsbygoogle || []).push({});

GitLab

Geo PostgreSQL (-)

Geo Terraform

(FLoC)

-

'workflow:rules' CI/CD

API

DAST (-)

SAST

CI- Pages: Gatsby

Elastic Stack

API

Geo LFS

Geo

Elasticsearch

More articles:

`release:`