►
From YouTube: GitLab 13.0 Kickoff - Secure: Static Analysis
Description
GitLab Secure: Static Analysis Group Product Manager, Taylor McCaslin, provides an Overview of 13.0 release plans.
* About GitLab's Static Team: https://about.gitlab.com/handbook/product/categories/#secure-stage
Relevant Depreciation Announcements for 13.0:
* https://about.gitlab.com/releases/2020/03/22/gitlab-12-9-released/#planned-removal-of-x-y-stable-docker-images-in-favor-of-semantic-versions-for-security-products
* https://about.gitlab.com/releases/2020/03/22/gitlab-12-9-released/#planned-removal-of-docker-in-docker-(dind)-for-security-scanners-in-upcoming-13.0-release
A
A
A
A
Currently,
our
secret
detection
scanner
runs
within
our
SAS
template,
we'll
be
splitting
that
apart,
which
lays
the
groundwork
for
some
future
features
that
we'll
release
we're,
also
making
our
secret
detection
more
prominent
on
our
M,
our
widget,
the
pipeline
security
tab
and
the
security
dashboard.
I
also
do
want
to
call
your
attention
to
a
few
deprecations
that
we've
announced
in
previous
releases
that
will
be
taking
effect
in
13.0.
So
we've
got
our
planned
removal
of
XY
staple
docker
images
in
favour
of
Symantec
versions.
A
This
is
us
shifting
to
a
major
minor
patch,
versioning
semantics
for
all
of
our
scanners.
This
will
allow
you
to
provide
more
granular,
pinning
to
specific
versions,
we're
also
planning
the
removal
of
docker
and
docker
for
security
scanners.
This
will
largely
simplify
the
execution
of
security
scanning
jobs.
This
is
going
to
make
things
a
lot
easier
for
us
to
support
moving
forward
and
then
finally,
we're
transitioning.
Our
gate
lab
CI
CD
pipeline
configuration
templates
to
the
rules
method
instead
of
only
an
except.
This
will
affect
auto
dev
ops
and
all
of
the
secure
configuration
templates.
A
The
thing
we
ask
is
that
if
you
have
customized
these
job
templates,
please
transition
to
the
rules,
syntax
is
the
only
and
except
in
cannot
be
used
together,
we'll
be
making
this
change
in
13.0.
So
that's
a
quick
overview
of
the
changes
that
we've
got
in
this
release
and
some
large
deprecations
that
were
also
pursuing
as
well.
So
that's
a
look
at
our
13.0
release.