GitLab is taking the next steps in its DevOps initiative with the announcement that it is integrating security into its single application. The company is also releasing auto remediation and security dashboards, and plans to release security approvals in an upcoming update.
“The advantages of a single application are numerous: A single sign-on eliminates the need to request access to each separate tool, context switching is reduced which improves cycle time, and work is tracked in one place so you don’t have to do detective work to find the information you need,” the company wrote in a post.
According to market research company Forrester, while many companies are moving toward the DevSecOps model, they fail to fully address the issue of security. “Many organizations have succeeded in automating continuous release and deployment for some applications but face increasing risk from lack of governance and fragmented toolchains,” Forrester observed.
GitLab plans to tackle that problem by integrating security into the single sign-on application.
“When security is separate from the DevOps workflow, it becomes a potential bottleneck to delivery. DevSecOps aims to integrate security best practices in the DevOps workflow to ensure every piece of code is tested upon commit,” GitLab wrote. GitLab aims to take it a step further by building security capabilities into the CI/CD workflow, empowering developers to identify vulnerabilities and remove them early, and by providing the security team with their own dashboard to view items not resolved by the developers, the company explained.
GitLab’s DevSecOps strategy will feature Static Application Security Testing (SAST) to spot vulnerabilities before deployment and Dynamic Application Security Testing (DAST) to analyze web applications for runtime vulnerabilities and run live attacks against the review app. Container Scanning and Dependency Scanning will also be added to the CI/CD pipeline.
In addition, the app will have Kubernetes-native integrations, multicloud deployment support, feature flags, an Operations Dashboard and Incident Management in 12.1, which will enable companies to effectively manage outages.
“Overall, with security automated throughout the developer workflow and DevSecOps delivered in a single application, we believe companies will continue to advance the way they deliver code, shortening release cycles and focusing on the innovation they will bring to market,” GitLab wrote.