Contributing features, reviewing changes, and deploying code is a day in the life of a developer. Today we are making these tasks easier and more efficient with an amazing Web IDE, more flexible pipelines, additional security testing, and so much more.

Web IDE is now open source and generally available

At GitLab, we want everyone to be able to contribute, whether you are working on your first commit and getting familiar with Git, or an experienced developer reviewing a stack of changes. Setting up a local development environment, or needing to stash changes and switch branches locally, can add friction to the development process. Using the Web IDE you can change multiple files, preview Markdown, review the changes, and commit directly, all from a browser. You can even open the diff from a merge request and get a side-by-side view of the changes. The Web IDE is generally available in 10.7 and is now open source, so everyone can benefit.

Deploy Tokens

For any organization working with containers, their registry is a key component in their infrastructure. It serves as a versioned repository, providing an easy and secure way of interacting with your container images. A common use for the registry is to serve images to an orchestrator like Kubernetes. It's important for Kubernetes to have access on an ongoing basis. For example, Kubernetes will pull an image on initial deployment, any time a pod restarts, or when scaling additional pods.

Previously there were two ways to grant access to the registry and repository. One is the CI job token, which provides temporary access for the length of the job, after which it expires. The other is Personal Access Tokens, which provide long-term access but are tied to a specific user. When using the CI job token, Kubernetes loses access once the CI job has completed, so ongoing events like pod restarts and scaling fail. Using Personal Access Tokens is also undesirable, because access has to be either shared with a user, or a separate service account must be created, which takes up a license.

To address these needs more cleanly, we have added Deploy Tokens, which provide long-lived, read-only authentication. With a Deploy Token, Kubernetes can now get the images it needs, when it needs them, without being associated with a particular user or having unnecessary access rights.
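As an added illustration (not GitLab's own code), this sketch shows how a read-only deploy token can be packaged as a Kubernetes image pull secret, so that later pulls on pod restart or scale-up keep working. The registry host, secret name, namespace, username and token value are constructed placeholders.

```python
import base64
import json


def docker_config(registry: str, username: str, token: str) -> dict:
    """Build the Docker config structure Kubernetes expects in a pull secret."""
    if not (registry and username and token):
        raise ValueError("registry, username and token are all required")
    if "://" in registry:
        raise ValueError("registry must be host[:port], not a URL")
    # The "auth" field is base64("username:password"), as in ~/.docker/config.json.
    auth = base64.b64encode(f"{username}:{token}".encode()).decode()
    return {"auths": {registry: {"username": username,
                                 "password": token,
                                 "auth": auth}}}


def pull_secret_manifest(name: str, namespace: str, registry: str,
                         username: str, token: str) -> dict:
    """Return a kubernetes.io/dockerconfigjson Secret as a dict."""
    config = json.dumps(docker_config(registry, username, token)).encode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        # Scope the secret to the one namespace that needs to pull images.
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": base64.b64encode(config).decode()},
    }


def image_pull_secrets_patch(secret_name: str) -> dict:
    """Pod-spec fragment that makes the kubelet use the secret on every pull."""
    return {"spec": {"imagePullSecrets": [{"name": secret_name}]}}


if __name__ == "__main__":
    # Constructed sample values; read the real token from a secret store.
    manifest = pull_secret_manifest(
        name="gitlab-registry", namespace="production",
        registry="registry.example.com",
        username="gitlab+deploy-token-1", token="EXAMPLE-TOKEN-VALUE")
    # Kubernetes accepts JSON manifests, so this can be piped to kubectl apply.
    print(json.dumps(manifest, indent=2))
```

Because the token is not tied to a user, rotating or revoking it affects only the cluster's pull access; the manifest contains the credential, so treat its output like any other secret.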

CI/CD flow control based on variables

A company's CI/CD service is the engine of their software engineering process, performing a wide variety of roles from building and testing software, deploying it to production, and frequently more creative tasks as well. With such a varied and open-ended set of uses, it is important for users to be able to run specific jobs only when they need to. GitLab CI/CD already provides a rich set of options for managing flow control, but there were some use cases, like a nightly build, that were not easy to address. In 10.7, jobs can now be started based on the value of specific variables, enabling new use cases like jobs specific to a particular pipeline schedule or API trigger.

SAST for Go and C/C++ languages

As part of Complete DevOps, we are providing a great set of security tools out of the box. Static Application Security Testing (SAST) analyzes your source code for known vulnerabilities, and outputs the results directly on the merge request for easy review. To analyze your code, however, SAST needs to support your language. For this reason we have been broadening the scope of SAST, and now support Go and C/C++.