GitLab's commitment to enhanced application security in the modern DevOps world

With GitLab 14, we saw deep emphasis on modernizing our DevOps capabilities. This modernization enabled enhanced application security and strenghtened collaboration between developers and security professionals. We saw enhancments such as:

• global rule registry and customization for policy requriements with support for separation of duties
• a newly developed browser-based Dynamic Application Security Testing (DAST) scanner used to test and secure modern APIs and Single Page Applications
• more support for different languages using Semgrep
• new vulnerability management capabilities to increase visibility With the GitLab 15 release, we can see how our commitment to enhancing application security across the board is stronger than ever. In this blog post, I will provide details on how GitLab is commited to enhancing not only security, but efficiency.

Discover how GitLab 15 can help your team deliver secure software, while maintaining compliance and automating manual processes. Save the date for our GitLab 15 launch event on June 23rd!

GitLab 15 security features

We see that with every GitLab release, there are plenty of enhancements to our security tools. GitLab 15 is no exception! We can see a boatload 🚢 of security enhacements released in GitLab 15 below:

• Container Scanning available in all tiers
• Audit changes to group IP allowlist
• Revoke a personal access token without PAT ID
• Project-level Secure Files in open beta
• Dependency scanning support for poetry.lock files
• Semgrep-based Static Application Security Testing (SAST) scanning available for early adoption
• Access and Verify actions for environments
• Terraform CI/CD template authenticates to Terraform module registry
• GitLab advisory data included in container scanning results
• New audit events for merge settings
• Users with the Reporter role can manage iterations and milestones
• Dependency path information
• Secure and Protect analyzer major version update
• Static Analysis analyzer updates
• Approve deployments from the Environments detail page
• Scan result policies listed under MR approval settings These features run across different stages of the software development lifecycle. I have created a video showing some of the coolest new security features in GitLab 15: