Provides Increased Development Velocity, Built-in Application Security for Risk Mitigation, and Visibility into DevOps Success
GitLab Inc, a company that offers a complete DevOps Platform, announces the next iteration of its single application with its 14 release. This release enables global businesses to advance their adoption of modern DevOps by replacing disparate technologies and toolchains with a single DevOps platform that is configured to work by default. With the product innovation leading up to this release and additional functionality being shipped each month, GitLab is furthering its commitment to bringing the most advanced DevOps platform to businesses.
According to the company’s 5th annual DevSecOps Report, 60% of developers are releasing code 2x faster than ever before because of DevOps. With this and the global rise of remote work over the past year due to the pandemic, companies are rethinking their approach to digital transformation and security as well as recognizing the need for a modern DevOps platform versus multiple disparate technologies and point solutions.
“With the rise of remote work and increased focus on digital transformation, businesses today are grappling with siloed teams and pressure to deliver secure software at extraordinary speeds to compete within the market,” said Scott Williamson, Chief Product Officer at GitLab Inc. “With the product innovation leading up to GitLab 14 and our product plans for the future, we will continue to work to push the industry forward by providing a modern DevOps Platform in a single application so companies can bring together their teams in one place enabling them to innovate and accelerate their software development processes.”
Single DevOps Platform Increases Development Velocity and Efficiency
As businesses transition to modern DevOps practices, the pivot from complex toolchains to a single DevOps platform is becoming more of a reality. According to Gartner[1], “By 2023, 40% of organizations will have switched from multiple point solutions to DevOps value stream delivery platforms to streamline application delivery, versus less than 10% in 2020.” GitLab’s consistent and efficient developer and operator experience leads to a simplified and more predictable software development lifecycle. GitLab allows teams to use one tool for source code management (SCM), continuous integration (CI), and continuous delivery (CD) making teams more efficient and productive with streamlined collaboration. Key focus areas and development features include:
- Pipeline Editor: Lowers the CI/CD barrier to entry for novices and accelerates power users with visual authoring and versioning, continuous validation, and pipeline visualization.
- GitLab Kubernetes Agent: Enables secure, cloud-native GitOps. GitLab also meets customers where they are, supporting GitOps with agent-based and agentless approaches, and for deployments anywhere, regardless of whether infrastructure is cloud-native.
Visibility and Measurement Lead to Increased DevOps Success
Instrumenting systems to surface meaningful metrics is difficult and time-consuming; many businesses struggle to find the metrics that map their DevOps investments to business results. With GitLab’s CI/CD dashboard, deployment frequency charts, and monitoring, organizations gain confidence in their ability to drive both team performance and competitive advantage, with visibility on lead time for changes, change failure rate, deployment frequency, time to restore service (collectively known as the DORA4 metrics), and supporting value stream analytics that identifies and breaks down bottlenecks. New and upcoming metrics and reporting features include:
- Value Stream Analytics: Identify inefficiencies and their root causes in workflows, helping users move the needle on DORA metrics. GitLab’s transparent product roadmap prioritizes actionable analytics to optimize users’ value stream and DevOps return on investment (ROI).
- Deployment Frequency Charts and Monitoring: Enables development teams to monitor the efficiency of deployments over time, find bottlenecks, and know when to make improvements with deployment frequency charts
- CI/CD Dashboard: Measure the efficiency of your development lifecycle with new charts showing lead time for changes — from code commit to production — built into the GitLab CI/CD Dashboard.
Built-in Security and Compliance to Provide Visibility and Mitigate Risk
To stay competitive, businesses need to be able to deliver modern applications quickly while also not compromising on security and compliance best practices. Development teams must collaborate closely with their security team counterparts in order to find, triage, and address security vulnerabilities early in the DevOps lifecycle. Built-in application security testing and compliance frameworks enable businesses to mitigate risk while maintaining development velocity. GitLab’s modern DevOps Platform empowers development teams to efficiently create secure code, security teams to have better visibility into their security risk, and compliance teams to have auditability from the first line of code written to applications deployed in production. New and upcoming security and compliance features include:
- Fuzz Testing: GitLab has shifted fuzz testing left into the heart of developers’ CI/CD workflow, through acquisitions of Fuzzit and Peach Tech, adding both coverage-guided and behavioral fuzz testing to its application security testing capabilities. This enables developers to discover software defects that may lead to exploitable vulnerabilities missed by traditional testing practices.
- Security Dashboards and Vulnerability Reports: GitLab’s Vulnerability Management has evolved into comprehensive Security Dashboards and Vulnerability Reports streamlining organizational overhead of security risk management enabling collaboration between development and security teams while increasing DevOps efficiency and velocity.
- Modern vulnerability scanning: To continue to provide the latest techniques in application security scanning, GitLab has partnered with the Semgrep and Trivy communities to provide greater access to the open source security community. These partnerships will increase the depth of GitLab’s shift left security approach while also empowering GitLab users to connect to the broader community helping everyone be more secure.
- Compliance pipeline configurations: For organizations needing to implement compliance requirements in their DevOps workflow, GitLab provides the ability to enforce even more separation of duties by setting up immutable pipeline definitions for their specific compliance framework needs.
Supporting Quotes
“This partnership provides both Aqua and GitLab users access to the comprehensive security tools they need to successfully shift left. GitLab’s users now have access to the best in open source container scanning, while Aqua users benefit from GitLab’s Vulnerability Research as well as GitLab’s contributions to Aqua’s Trivy project. We’re looking forward to building the relationship further and allowing GitLab to leverage additional open source projects, like Aqua Starboard, to better schedule scan jobs in production environments.” – Technology Partner, Itay Shakury, director of open source at Aqua Security
“I’ve been contributing to GitLab for more than three years and I still learn every day by collaborating with the GitLab team and the wider community. Besides the technical knowledge gained during code reviews, one can learn a lot from the transparent design and engineering workflows behind GitLab. Contributing to GitLab has been a catalyst for shaping the way I work with remote teams.” – Contributor, George Tsiolis, product designer at Gitpod
“The biggest value (of GitLab) is that it allows the development teams to have a greater role in the deployment process. Previously, only a few people really knew how things worked, and now pretty much the whole development organization knows how the CI pipeline works, can work with it, add new services, and get things into production without infrastructure being the bottleneck.” – Customer, Dan Bereczki, director of engineering at The Zebra