3 GitLab features to level up DevSecOps workflows

3 weeks ago 4
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

Last month, we, along with the GitLab community, introduced more than 140 improvements to our AI-powered DevSecOps platform to help you build better and more secure software, faster. With that much product innovation, we know it can be difficult to keep track of the latest GitLab has to offer. So, each quarter, we’re spotlighting the most impactful capabilities to help you consolidate toolchains, boost development efficiency, and improve application security. Here are three new features released in GitLab over the past few months that make an immediate impact on your software development.

Learn why GitLab was named a Leader in the 2024 Gartner® Magic Quadrant™ for DevOps Platforms and the 2024 Gartner® Magic Quadrant™ for AI Code Assistants.

Root Cause Analysis: Diagnose broken pipelines faster

Developers spend less than a quarter of their time on code creation, according to our 2024 Global DevSecOps Survey. The bulk of their time is consumed by administrative tasks, planning, and troubleshooting — many of which can be accelerated with AI.

For example, diagnosing broken pipelines is a frustrating task for developers, which requires them to tediously scour through dense log files to identify the cause of the error. This often leads to trial-and-error fixes, sleuthing for solutions on Google, or asking a peer for support. This is a practical scenario where GitLab Duo Root Cause Analysis can meaningfully help developers.

Root Cause Analysis analyzes log files to uncover the core issue behind an error message in a CI/CD pipeline. Not only does it provide teams with insight into what caused the issue, but it also suggests a fix to help resolve the issue faster.

With less time spent on troubleshooting, developers can focus on building differentiated products to help their organizations win.

GitLab Duo Root Cause Analysis is available as a GitLab Duo Enterprise add-on.

Vulnerability Explanation: Quickly understand security risks

We know that developers are playing an even greater role in the remediation of security vulnerabilities. However, not every developer is well-versed in cybersecurity or has a working knowledge of the tactics, techniques, and procedures a threat actor will use to exploit an application. This creates a knowledge gap, which is exposed when vulnerabilities are uncovered.

GitLab Duo Vulnerability Explanation bridges the knowledge gap between security and development teams. It gives developers a detailed description of the vulnerability infecting their code, real-world examples of how attackers can exploit the vulnerable code, and practical suggestions for remediation.

With this feature, you can level up your security skills, resolve vulnerabilities faster, and help create a proactive security culture — all while lightening the load on your security teams. GitLab Duo Vulnerability Explanation is available as a GitLab Duo Enterprise add-on.

Advanced SAST: Filter out the noise

False positives are a top frustration for both security and development teams. Unfortunately, this is a common complaint of traditional Static Application Security Testing (SAST). While SAST is great at integrating security early in the software development lifecycle, its value diminishes when it produces inaccurate results. “Drowning in a backlog of vulnerabilities” is a reality for many security and development teams, often resulting in tension between them.

Advanced SAST, our newest security scanner, uses a proprietary detection engine with rules informed by in-house security research to identify exploitable vulnerabilities. It delivers more accurate results, so security and development teams don’t have to sort through the noise of false-positive results, shortening triage time, improving development velocity, and decreasing friction between teams.

Advanced SAST is available in the GitLab Ultimate tier.

Put these features to work today

At GitLab, we’re committed to making it easier for teams to build software, faster. Capabilities like GitLab Duo Root Cause Analysis, GitLab Duo Vulnerability Explanation, and GitLab Advanced SAST are just a few of the recent innovations we’ve delivered to help developers and security teams level up their DevSecOps workflows. To learn more, check out our releases page.

Get started with these new features today with a free, 30-day trial of GitLab Ultimate.

Read Entire Article