GitLab announced that it has been expanding support for Code Suggestions, has added a new level of visibility with Value Stream Dashboard, and has added a new and improved license compliance scanner along with license approval policies. 

The company’s aim behind the improvements is to help fill the skills gap since security engineers are outnumbered and 85% of respondents to a 2023 GitLab Global DevSecOps Report: Security Without Sacrifices report said their security budgets are flat or reduced. 

“We believe in a simple mantra: Velocity with guardrails. Artificial intelligence technologies and automation solutions accelerate code creation and, when paired with a comprehensive DevSecOps platform, create the security and compliance guardrails that every company needs,” GitLab stated in a blog post

Code Suggestions, which can improve developer productivity without context switching and within a single DevSecOps platform, is free for all Ultimate and Premium Customers in the Beta.

The recently introduced Value Streams Dashboard offers decision-makers valuable insights into metrics that can help them recognize patterns and trends, enabling them to optimize software delivery. The dashboard takes into account the DORA metrics and tracks the flow of value delivery across various projects and groups, providing strategic insights that can aid in improving the overall software delivery process.

In addition to other features, users of GitLab can establish license policies and examine software licenses for compliance. The scanner tool can retrieve license information from packages that are dual-licensed or have multiple licenses that apply. Moreover, it can identify more than 500 types of licenses, which is a significant improvement from the previous capability of identifying only 20 types of licenses. 

With the help of license approval policies, organizations can minimize the risk of using unapproved licenses, which can save them time and effort that would otherwise be needed to manually ensure compliance.

GitLab also stated that it now automatically revokes PATs leaked in public GitLab repositories to mitigate the risk of a developer mistakenly committing a PAT into their code. Leaked secrets in public projects can be responded to by revoking the credential or notifying the vendor who issued it. 

The company said that there will be more guardrails coming in 2023. One is group and subgroup dependency lists that provide users with a simple way to view their projects’ dependencies. Other capabilities will include continuous container and dependency scanning, management tools for compliance frameworks, and SBOM ingestion to import CycloneDX files from third-party tools.