With GitLab 14, we saw deep emphasis on modernizing our DevOps capabilities. This modernization enabled enhanced application security and strengthened collaboration between developers and security professionals.
We saw enhancements such as:
- global rule registry and customization for policy requirements with support for separation of duties
- a newly developed browser-based Dynamic Application Security Testing (DAST) scanner used to test and secure modern APIs and Single Page Applications
- more support for different languages using Semgrep
- new vulnerability management capabilities to increase visibility
With the GitLab 15 release, we can see how our commitment to enhancing application security across the board is stronger than ever. In this blog post, I will provide details on how GitLab is committed to enhancing not only security, but efficiency.
Discover how GitLab 15 can help your team deliver secure software, while maintaining compliance and automating manual processes.
Save the date for our GitLab 15 launch event on June 23rd!
GitLab 15 security features
We see that with every GitLab release, there are plenty of enhancements to our security tools.
GitLab 15 is no exception! We can see a boatload 🚢 of security enhancements released in GitLab 15 below:
- Container Scanning available in all tiers
- Audit changes to group IP allowlist
- Revoke a personal access token without PAT ID
- Project-level Secure Files in open beta
- Dependency scanning support for poetry.lock files
- Semgrep-based Static Application Security Testing (SAST) scanning available for early adoption
- Access and Verify actions for environments
- Terraform CI/CD template authenticates to Terraform module registry
- GitLab advisory data included in container scanning results
- New audit events for merge settings
- Users with the Reporter role can manage iterations and milestones
- Dependency path information
- Secure and Protect analyzer major version update
- Static Analysis analyzer updates
- Approve deployments from the Environments detail page
- Scan result policies listed under MR approval settings
These features run across different stages of the software development lifecycle. I have created a video showing some of the coolest new security features in GitLab 15:
Scanners moved to GitLab Free Tier
A lot of our scanners were only part of GitLab Ultimate in the past. However, over time, certain scanners have been moved over to GitLab Free Tier, enabling you to enhance the security of your application no matter what tier of GitLab you are using.
| Scanner | Introduced | Moved to Free |
|---|---|---|