GitLab’s latest release is making it easier for security teams to discover if secrets have leaked. GitLab 11.9 introduces secrets detection in its Static Application Security Testing (SAST) feature.
With this release, every commit will be scanned to ensure it doesn’t contain secrets, and if it does, the developer is alerted in the merge request.
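To make the idea of per-commit secret scanning concrete, the following Python script is an added illustration and is not GitLab's SAST implementation or its rule set. It walks a unified diff, checks only the added lines (removed lines are already in history, and unchanged context lines were checked when they were introduced), and reports the rule, file and new-file line number for anything that matches a handful of illustrative patterns or an assignment whose value is long and high-entropy. The diff and the key values in it are constructed for the example; the AWS-style key is the placeholder value AWS uses in its own documentation.

```python
import math
import re
from typing import List, Tuple

# Matches "@@ -a,b +c,d @@" and captures c, the first new-file line of the hunk.
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Illustrative rules only; a real scanner ships a much larger, maintained set.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("slack-token", re.compile(r"\bxox[abp]-[0-9A-Za-z-]{10,}\b")),
]

# Generic catch: something named like a credential assigned a long quoted literal.
ASSIGNMENT = re.compile(
    r"""(?i)(secret|token|password|api_?key)\s*[=:]\s*["']([^"']{20,})["']"""
)


def shannon_entropy(s: str) -> float:
    """Bits per character: random-looking tokens score high, prose and
    obvious placeholders score low."""
    if not s:
        return 0.0
    n = len(s)
    counts = {c: s.count(c) for c in set(s)}
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def scan_diff(diff_text: str) -> List[Tuple[str, str, int]]:
    """Return (rule, file, new_line_number) for each added line that looks
    like it carries a secret."""
    findings: List[Tuple[str, str, int]] = []
    current_file = ""
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            current_file = path[2:] if path.startswith("b/") else path
            continue
        m = HUNK_HEADER.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if raw.startswith("+"):
            content = raw[1:]
            for name, pattern in RULES:
                if pattern.search(content):
                    findings.append((name, current_file, new_line))
            am = ASSIGNMENT.search(content)
            if am and shannon_entropy(am.group(2)) > 3.5:
                findings.append(("high-entropy-assignment", current_file, new_line))
        # Only added ('+') and context (' ') lines exist in the new file, so only
        # they advance its line counter; '-' lines and headers are skipped.
        if raw.startswith("+") or raw.startswith(" "):
            new_line += 1
    return findings


# Constructed sample diff; none of these values is a live credential.
SAMPLE_DIFF = """\
diff --git a/settings.py b/settings.py
--- a/settings.py
+++ b/settings.py
@@ -1,3 +1,5 @@
 DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+API_TOKEN = "nm3kd9vQ2xL7pR4sT8wY1zA5bC6dE0fG"
-OLD_VALUE = "placeholder"
+TIMEOUT = 30
 LOG_LEVEL = "info"
diff --git a/deploy/id_rsa b/deploy/id_rsa
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,2 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAexampleexampleexample
"""

if __name__ == "__main__":
    for rule, path, line in scan_diff(SAMPLE_DIFF):
        print(f"{path}:{line}: {rule}")
```

Run against the sample it reports the AWS-style key on line 2 and the high-entropy token on line 3 of `settings.py`, plus the private-key header on line 1 of `deploy/id_rsa`, while ignoring the removed `OLD_VALUE` line. Reporting new-file line numbers rather than diff offsets is what lets a merge-request view annotate the exact line the developer needs to fix.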
“Inadvertently committing credentials to a shared repository can be an enormous pain, and yet it is a simple mistake to make. Once an attacker gets your password or API key, they can take over your account, lock you out, and fraudulently spend money. This can even lead to a domino effect where access to one account grants access to others. With the stakes so high, it’s of paramount importance to learn as quickly as possible if secrets have been leaked,” GitLab wrote.
The new release also introduces better ways to enforce change management. In previous releases, you could only specify an individual or a group for approval; now multiple rules can be added, each requiring a specific individual approver or a set number of approvers from a certain group.
The Code Owners feature will be integrated in this new set of rules, which will make it easier for developers to find the people that need to approve, GitLab explained.
GitLab is also open-sourcing the automation tool ChatOps. ChatOps enables developers to receive job statuses from chat apps like Slack or Mattermost. Now that it is open source, it is available in GitLab self-managed Core and on GitLab.com Free, and it is open to community contributions.