Source: GitLab Blog | Author: Larissa Lane
GitLab 12.9버전은 Vault App, Code Quality Reports 및 Group Deploy Tokens와 함께 출시되었습니다.
GitLab 12.9버전은 DevOps 리더들이 HashiCorp Vault 애플리케이션을 통해 기밀을 관리함으로써 보안 강화, 코드 품질 보고서 및 맞춤형 가치 흐름 분석을 통한 가시성 향상, 그룹 배포 토큰 및 배포 토큰의 API 관리를 통한 운영의 용이성을 얻을 수 있도록 도와줍니다.
Secure your applications with Secrets Management and Vulnerability Remediation
Many organizations are centralizing the storage of secrets for infrastructure and applications in external secrets management solutions, including HashiCorp Vault. With GitLab 12.9, we enable users to leverage HashiCorp Vault to securely manage keys, tokens, and other secrets at the project level by installing it as a managed application within a Kubernetes Cluster. For current HashiCorp Vault users, you can follow our Bring Your Own Vault Integration progress in gitlab&2868.
When Container Scanning detects vulnerabilities, GitLab 12.9 can now give a suggested solution for the vulnerability, when available. You can choose to remediate the vulnerability with a merge request, which will automatically update the packages in the container base image, helping you resolve container security issues swiftly and efficiently.
Better visibility with Customizable Value Stream Analytics and Code Quality Reports
Value Stream Analytics helps organizations visualize their end-to-end workstream and identify inefficiencies, in order to continuously improve how they deliver value. Previously the lifecycle stages were fixed to the DevOps loop, which may not be suitable for everyone, as some teams may follow a different workflow. With GitLab 12.9, you have more control to customize the stages to reflect the right metrics for your business. Each new stage can have specific trigger events that define the entry or exit of the stage, allowing you to focus on improvements based on your defined key performance indicators. Be on the lookout for more capabilities in our upcoming releases.
Previously, developers used the Code Quality feature in the merge request to understand the impact on quality of the target branch. However, this does not give insight to developers and managers into other code quality issues across the project. With GitLab 12.9, we have introduced a Full Code Quality Report that summarizes the quality issues across the project.
Improve efficiencies with Group Deploy Tokens
For any organization working with containers, it is critical for their orchestrator to have secure and ongoing access to their container registry. Previously, we introduced Project Deploy Tokens to provide long lived read-only authentication to the registry without being associated with a particular user or having unnecessary access rights.
With GitLab 12.9, managing deploy tokens in bulk is now more efficient, as we are not only introducing deploy tokens at the group level but also APIs to create, list and revoke deploy tokens. If a specific project requires to use different tokens, project-level deploy tokens override group level deploy tokens.
And much more!
There are so many great features in GitLab 12.9, that we couldn’t possibly highlight them all. A few favorites include WAF Statistics Report, Group level Roadmaps now available in Premium, and Log Aggregation now available in Core! Keep reading below to get details on every feature release.