As DevOps practices continue to deepen, so do our customers’ demands for greater efficiency and automation. Kubernetes Agent GitLab Kubernetes Agent is now online to help you benefit from fast, pull-based deployments, and GitLab manages the necessary server-side components of the Agent.

With the compliance pipeline configuration, you can customize the pipeline of enforcement to be applied to any project that has specified the corresponding compliance framework.

Polar Fox GitLab13.11 release 13 major features

  1. Configuration of compliance pipeline

You can now configure a pipeline of enforcement for projects that have specified a compliance framework.

  • Teams that want to enforce compliance requirements in their pipelining workflows can now enforce more division of responsibilities by setting up an pipelining for a specific compliance framework.

  • All projects using the framework will automatically contain a predefined pipeline. In downstream projects, users can extend, but not modify, the pipeline configuration of these to ensure that compliance steps are run the same way each time.

This feature saves time for security and compliance teams because there is no need to manually copy the pipelining configuration to every project that needs it, and then there is monitoring to prevent editing or deleting the configuration. Development teams focus on complying with policies, not becoming compliance experts.

  1. Create custom compliance framework labels

Polar Fox GitLab currently provides several predefined compliance framework labels such as GDPR, HIPAA, PCI-DSS, SOC 2 and SOX.

In this release, you can now add custom frameworks. This enables you to customize the tags for your own particular framework and process. In the future, you will be able to create policies for projects based on that tag.

  1. On-call scheduling management

When things go wrong, you need a team (or teams!) To quickly and effectively respond to service interruptions.

On-call is a stressful job, and to better manage stress and burnout, most teams take turns taking On this on-call responsibility.

  • Extreme Fox GitLab’s On-Call Scheduling Management allows you and your team to create and manage schedules for on-call work.
  • Alerts received via HTTP endpoints in Polar Fox GitLab are forwarded to the engineer on standby in the corresponding project’s layout schedule.
  1. Recertify pole Fox GitLab management with management mode

Polar Fox GitLab now offers admin mode to help administrators work safely with the same account.

  • When the management mode is not activated, administrators have the same rights as common users. Administrator users must revalidate their credentials before running administrative commands.

  • The management mode enhances instance security by protecting sensitive operations and data.

  1. Example Export a user access report

Companies that focus on compliance often need to audit their users’ access to corporate systems and resources. Previously, achieving this in GitLab required building custom tools using our auditing related apis to collect the data you needed.

You can now simply click an export button in the administration area of the GitLab instance of the self-managed version of Polar Fox and get a CSV file containing a list of all users and the groups, subgroups, and projects they can access. It is now easier to audit user access in less time.

  1. Use multiple caches in the same job

  • The Polar Fox GitLab CI/CD provides a caching mechanism to save valuable development time while tasks are running. Previously, you could not configure multiple cache keys in the same job.

  • This limitation results in you needing to cache artifacts or duplicate jobs with different cache paths. In this release, we provide the ability to configure multiple cache keys in a single task, which will help improve your pipeline performance.

  1. Track DORA 4 change lead time metrics

Measuring the effectiveness of your software development life cycle is an important step in developing DevOps for any organization. In the last milestone, we added API support for change preparation time at the project level. These metrics give a measure of how the process works, so you know how long it takes for code to be committed and deployed to production. In this release, you can access this feature in the CI/CD dashboard in the Polar Fox GitLab interface, with a new chart showing change lead times and viewing this metric over different time ranges, such as last week, last month, or the last 90 days. In addition to the new charts, we have added support for the API at the group level, allowing you to see the combined results of the change lead time metrics for all projects under that group.

  1. Polar Fox GitLab+Semgrep: A future upgrade for SAST

Polar Fox GitLab’s SAST is supported by more than a dozen open source static security analyses. These analyzers proactively discover millions of vulnerabilities each month for developers using Polar Fox GitLab. Each component of these analyzers scans for a specific language and uses a different technical approach. These differences create extra work for our update, administration, and maintenance functions, and confusion for those who debug.

The Polar Fox GitLab static analysis team is constantly evaluating new security analyzers. Semgrep, a new tool from the R2C development team, impressed us. It is a fast, open source static analysis tool for finding bugs and enforcing code standards. Semgrep’s rules look like code, which means you can write your own rules without having to understand abstract syntax trees (AST) or tangle with heavy codes.

Semgrep’s flexible rule syntax is ideal for simplifying polar Fox GitLab’s custom rule set capabilities, extending and modifying checked rules, which is a common demand of Polar Fox GitLab’s SAST customers. Semgrep also has a growing open source registry of more than 1,000 community rules.

  1. The release CLI tool for creating distributions supports custom CA certificates

As of now, if you’re using the self-managed version of Polar Fox GitLab, the command line tool for creating distributions only supports public certificates, but you can’t use your own custom certificates. In Extreme FoxGitLab 13.11, we added support for custom Certificate Authority (CA) certificates by using the ADDITIONAL_CA_CERT_BUNDLE environment variable or the — Additional -ca-cert-bundle flag. In addition, the INSECURE_HTTPS environment variable and the –insecure- HTTPS flag were added so that the client could skip the validation of the server certificate, as a custom SSL certificate would normally fail because it was not signed by a public CA.

  1. Instance and group description templates for issues and merge requests

Instead of manually updating the same description template across dozens of projects, you can now centrally manage your templates in a repository. We have extended the template for instance and group files to include description templates for issues and merge requests. When you create a. Gitlab directory in the file templates library, the description template will be available for all projects belonging to that instance or group. You can also set up an additional template library for each group or subgroup, which will cascade templates from multiple file template libraries down to your subgroups and projects.

  1. Optional DAG (‘ needs: ‘) tasks in CI/CD pipeline

The directed Acyclic graph (DAG) in Polar Fox GitLabCI/CD allows you to configure a task using the NEEDS syntax so that it can start before its phase starts (once the dependent job has completed). We also have keywords such as rules, only, or except, which determine whether a task is added to the pipeline. However, if you combine the needs syntax with these other keywords, your pipeline may fail when a dependent task is not added to the pipeline.

  1. Environment-specific variables at the group level

Many organizations like to specify secret and other environment variables at the group level because it aligns well with team boundaries or trust levels. So far, group-level environment variables have been applied to all environments, limiting their usefulness in many use cases. Today, we are publishing group-level specific environment variables.

  1. Deploy Polar Fox GitLab on OpenShift and Kubernetes using the Polar Fox GitLab Operator (beta)

Polar Fox GitLab is working to provide full support for OpenShift. To achieve this goal, we have released an MVP product, Polar Fox GitLabOperator, designed to manage the entire lifecycle of polar Fox GitLab instances on Kubernetes and OpenShift container platforms. Currently, this is a beta and is not recommended for use in production environments. The next step will be the official release (GA). In the future, Polar Fox GitlabOperator will be the recommended installation method for Kubernetes and OpenShift, and the Polar Fox GitLabHelm will still be supported. Feel free to try this feature out and provide feedback on our issue tracker.