Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / 13.0 Release Product Kickoff Review / 16 Apr 2020
GitLab / 13.0 Release Product Kickoff Review / 16 Apr 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: GitLab 13.0 Kickoff - Secure: Static Analysis

Description

GitLab Secure: Static Analysis Group Product Manager, Taylor McCaslin, provides an Overview of 13.0 release plans.

* About GitLab's Static Team: https://about.gitlab.com/handbook/product/categories/#secure-stage

Relevant Depreciation Announcements for 13.0:
* https://about.gitlab.com/releases/2020/03/22/gitlab-12-9-released/#planned-removal-of-x-y-stable-docker-images-in-favor-of-semantic-versions-for-security-products
* https://about.gitlab.com/releases/2020/03/22/gitlab-12-9-released/#planned-removal-of-docker-in-docker-(dind)-for-security-scanners-in-upcoming-13.0-release

A

Hi, my name is Taylor McCaslin and I'm. The product manager for static analysis here at collab today, I want to walk you through our plans for our 13.0 release.

A

To start us off, we're focused on adding support for dotnet framework to our SAS scanners. So if you have get lap runner deployed on a Windows, Server and you've configured a CI job that builds the dotnet project, you'll now be able to use SAS for dotnet framework.

A

Secondly, we're focused on improving our secret detection capabilities so with 13.0 we'll be introducing a new secret detection. Job template.

A

Currently, our secret detection scanner runs within our SAS template, we'll be splitting that apart, which lays the groundwork for some future features that we'll release we're, also making our secret detection more prominent on our M, our widget, the pipeline security tab and the security dashboard. I also do want to call your attention to a few deprecations that we've announced in previous releases that will be taking effect in 13.0. So we've got our planned removal of XY staple docker images in favour of Symantec versions.

A

This is us shifting to a major minor patch, versioning semantics for all of our scanners. This will allow you to provide more granular, pinning to specific versions, we're also planning the removal of docker and docker for security scanners. This will largely simplify the execution of security scanning jobs. This is going to make things a lot easier for us to support moving forward and then finally, we're transitioning. Our gate lab CI CD pipeline configuration templates to the rules method instead of only an except. This will affect auto dev ops and all of the secure configuration templates.

A

The thing we ask is that if you have customized these job templates, please transition to the rules, syntax is the only and except in cannot be used together, we'll be making this change in 13.0. So that's a quick overview of the changes that we've got in this release and some large deprecations that were also pursuing as well. So that's a look at our 13.0 release.