Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

GitLab Adds Governance, Software Supply Chain Enhancements

GitLab has announced a number of new security and compliance features and enhancements to its platform that are intended to help organizations secure the software supply chain.

The new capabilities include security policy management, compliance management, events auditing, and vulnerability management. A dependency management capability to help developers track vulnerabilities in dependencies they are using will be available at a later date. Organizations will be able to automatically scan for vulnerabilities in source code, containers, dependencies, and applications in production, GitLab says.

The increased focus on governance will help organizations identify risks by providing them with visibility into their projects and the dependencies in use, security findings, and user activities, GitLab says. The platform will be able to track changes and implement controls to define what goes into production, helping organizations ensure that they are adhering to license compliance and regulatory frameworks.

The new enhancements are designed to provide developers with tools to proactively scan for vulnerabilities and implement controls to secure applications. Developers also have access to actionable and relevant secure coding guidance within the GitLab platform.

“With the recent addition of GraphQL schema support in 15.4, these API security scans help secure applications with minimal configuration compared to prior releases,” GitLab says. “Additional application security scanners include static application security testing, secret detection, container scanning, dependency scanning, infrastructure-as-code scanning, and coverage-guided fuzz testing.”

GitLab promises upcoming features, such as a mechanism to parse and ingest existing software bill of materials data from third parties to create a comprehensive software bill of materials for the project, as well as the ability to cryptographically sign both the build artifact and attestation file to prove builds have not been altered. Another upcoming feature will allow GitLab administrators and group owners to create new customized roles with granular permissions to help security teams align role-based access control with the organization’s policies.

The security of the software supply chain is increasingly top of mind for security professionals. For 70% of all respondents in Dark Reading’s “State of Supply Chain Threats” survey in August, supply chain security was among the top five security priorities. In the same vein, GitLab’s “2022 Global DevSecOps Survey,” released earlier this year, found security was the highest budget priority for organizations.

Related News

Ferrari Discloses Ransomware Attack; Refuses to Pay Ransom

Ferrari Discloses Ransomware Attack; Refuses to Pay Ransom

Ferrari, the renowned Italian luxury car manufacturer, suffered a cyber incident that compromised the company‚Äôs client data. According to a…
ChatGPT Bug Exposes Conversation History Titles

ChatGPT Bug Exposes Conversation History Titles

A ChatGPT user on Reddit first reported the bug after noticing Chinese language characters in the title of their conversation…
Breach Forums to Remain Offline Permanently

Breach Forums to Remain Offline Permanently

The decision to shut down the Breach Forums came after the admin noticed someone had logged into an old forum…