Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / GitLab Group Kickoffs - Verify:Pipeline Security / 12 Jul 2023
GitLab / GitLab Group Kickoffs - Verify:Pipeline Security / 12 Jul 2023
Previous Meeting
Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: GitLab 16.3 Kickoff - Verify:Pipeline Security

Description

Take a look at what we have planned for 16.3!

A

Hi I'm Jocelyn I am the product manager for the pipeline Security Group here at gitla. Our areas of focus are the secrets management category, which includes integration and secrets management as well as CI variables and CI job token. The other area that this team focuses on is build artifacts I'm here today with our wonderful designer beethica to kick off Milestone 16.3 and share a bit of what we have planned um so coming up in 16 3.

A

We're really going to be focusing on continuing to improve the CI variables user experience. We know, there's a lot of feature requests as well as bugs and that's a high priority for our team is really making that variables experience more streamlined and easy.

A

We're also continuing to wrap up some build artifact cleanup issues if you've been following our our videos, our delightful videos, um you'll know that uh we've been uh working on unlocking a few things around the keep latest artifact uh setting and then uh and we'll dig into what more people to get into it. A little bit more around our secrets, management solution, um Concepts and ideas uh work that we're going to continue to be focusing on as we we do acknowledge that uh Secrets management is a very popular request for git lab as well.

A

um So a couple of the items that I would like to highlight are are going to be like the ones kind of on the front end in terms of improving that user experience. uh So one of the first things we're going to do is start at adding pagination uh to the group, variables tables and we're doing this, because a lot of folks have uh have voiced that there are a lot of variables um and, and the table just becomes very large and somewhat unwieldy on a single screen.

A

So, oh, we are focusing on adding that pagination we're also adding some clarity around um the CI job. Token um settings language as well, and we will also be making modifications to uh variable accretion and editing.

A

um So if you look in the issue, you'll see here rather than having a form which we've previously had, will actually be switching over to uh to the drawer so um and and also really improving the validation experience, because it's a little less ideal ideal right now and then I will turn it over to bethica to talk about the design work. We have planned.

B

Thanks Jocelyn, so, first of all, I wanted to touch upon the progress that we are making with the secrets management POC um yeah. We took some time because we really wanted to be very sure with our requirements that we uh that we would be starting off with for the proposal and at this point, we're feeling very comfortable, because we had like multiple rounds of researchers. We had uh sketching exercise internally, which was a lot of fun because all the um Engineers on the team and uh the product manager, everybody.

B

They came together to like Express their views about what they would like to see as features as a part of us. The secrets, management solution, and now the next step is for me to like, come up with the very very first design proposal like the draft and share with all of you. So we would also be looking at conducting an officer for our early adopter program, signees and um yeah. So look forward to that, you would be receiving some communication and some platform very soon.

B

um Then. Moving on to the other issues which I'll be touching upon in this Milestone, our addressing the ux confusion for having the same variable under different environment Scopes.

B

um This is also something that was validated through a very recent uh research that we performed, and luckily we already had a three years old issue open for it. um That right now just to create a CI variable through the UI under different environment. Scopes, one has to like really go and create the same variable and assign them to uh different environment scope. Each time, which is like it's a lot of work.

B

So we just want to simplify this uh particular workflow and make sure that we allow like while we, while users are adding variables, they should be able to specify the different values for different or different environment Scopes, um and the next one is something that came out of uh merge request that was uh I.

B

Think was a community contribution um that there are certain instances where, when users create a CI environment, variable and use variable type instead of file type, uh then just for a particular set of use cases it could lead to uh like it could lead to leaking into content leaking into job logs, which can of course be a security incident.

B

So to make sure that we are very clearly communicating like what are the consequences. And what is what are the uh like information that your users require to make a decision while creating a variable. We would be adding some help text on the add variable model like while you select the type a little more explanation about why you should go with a particular type, and that is all that looks less. But it's actually quite a lot with the POC for it included. So yeah.

A

Awesome thanks, bethika um I, know myself uh the team and I'm sure a lot of others are very excited uh to to see uh progress on on the secrets POC um for anyone watching and is interested in learning more. You can certainly reach out to myself and beethica and happy to to share more information um all right. Well that wraps up our 16.3 uh planning uh thanks Vivica and um we're excited hope you are too.