Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / GitLab Group Kickoffs - Secure: Static Analysis / 16 Oct 2020
GitLab / GitLab Group Kickoffs - Secure: Static Analysis / 16 Oct 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: GitLab 13.6 Kickoff - Secure: Static Analysis

Description

GitLab Secure: Static Analysis Group Product Manager, Taylor McCaslin, provides an Overview of 13.6 release plans.

Content from the video:
- 13.6 Planning Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/254310
- https://about.gitlab.com/handbook/product/categories/#secure-stage

A

Everyone, my name, is taylor, mccaslin and I'm the product manager for static analysis here at gitlab. Today, I'm going to give you a quick overview of our 13.6 plans. If you haven't seen in 13.5, we added a number of highly requested features to sas and secret detection, and I want to just quickly touch on those real fast, so we did recently add customizing sas and secret detection rules, um so you're now able to provide custom rule sets to sas and secret detection. You can find details about that in our documentation.

A

Additionally, we also added support for ios and android source code scanning for sas, so definitely check that out if you've got mobile applications so for 13.6 with those releases previously we're focused on a lot of maintenance ensuring that we've got stability and usability across all of those great features we've recently released. We also do have a confidential project, which I'm not quite ready to share details with you about just yet but hold on uh it's a very cool project, and I think you'll like that.

A

Additionally, in a previous release in 13.3, we added support for all users of gitlab to be able to leverage sas and secret detection. Part of that, however, is the actual mr experience of that and we've wanted to make that experience better.

A

So one of the things we'll be focused on in 13.6 is in uh working to continue to improve that experience for non-ultimate users using security scanning, um so I've talked about this previously, but basically we're bringing the download artifact option uh directly into the mr for non-ultimate plans um so that you can quickly access the sas uh and any security results um available to you in directly in the merge request.

A

So these are some ui improvements that we're actively working on. um In that same vein, we also want to make it easier for non-ultimate customers to be able to configure sas. So we are looking to expose some of our configuration ui to core users. So you can see. We've got a configuration page today for our ultimate experience.

A

We want to bring down some of those features to core, to allow users to be able to easily configure that. So you can see here that once we get this feature out, you'll be able to easily enable sas via a single click which will open a merge request to enable sas in your ci cd pipelines.

A

This is something that we're actively working on, I'm not confident that this will ship in 13.6, but it is something that we will be focused on so overall. That is a quick overview of our plans for 13.6. I think it's going to be a great release.