GitLab Adds Governance, Software Supply Chain Enhancements

Published: 23/11/2024   Category: security




Developers will be able to scan for vulnerabilities in source code, containers, dependencies, and applications in production.



GitLab has announced a number of new security and compliance features and enhancements to its platform that are intended to help organizations secure the software supply chain.
The new capabilities include security policy management, compliance management, events auditing, and vulnerability management. A dependency management capability to help developers track vulnerabilities in dependencies they are using will be available at a later date. Organizations will be able to automatically scan for vulnerabilities in source code, containers, dependencies, and applications in production, GitLab says.
The increased focus on governance will help organizations identify risks by providing them with visibility into their projects and the dependencies in use, security findings, and user activities, GitLab says. The platform will be able to track changes and implement controls to define what goes into production, helping organizations ensure that they are adhering to license compliance and regulatory frameworks.
The new enhancements are designed to provide developers with tools to proactively scan for vulnerabilities and implement controls to secure applications. Developers also have access to actionable and relevant secure coding guidance within the GitLab platform.
With the recent addition of GraphQL schema support in 15.4, these API security scans help secure applications with minimal configuration compared to prior releases, GitLab says. Additional application security scanners include static application security testing, secret detection, container scanning, dependency scanning, infrastructure-as-code scanning, and coverage-guided fuzz testing.
GitLab promises upcoming features, such as a mechanism to parse and ingest existing software bill of materials data from third parties to create a comprehensive software bill of materials for the project, as well as the ability to cryptographically sign both the build artifact and attestation file to prove builds have not been altered. Another upcoming feature will allow GitLab administrators and group owners to create new customized roles with granular permissions to help security teams align role-based access control with the organization's policies.
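As an added illustration of what signing both the build artifact and its attestation gives a consumer, the Go program below (example code written for this page, not GitLab's implementation; the attestation field names, the builder identifier and the commit value are constructed placeholders) signs the artifact digest and a small provenance statement with an Ed25519 builder key, then shows the consumer-side check rejecting a tampered artifact and an attestation that was swapped without re-signing.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Attestation is a hypothetical, minimal provenance statement: it names the
// artifact by digest and records who built it from which source. The field
// names are assumptions for this example, not a real attestation format.
type Attestation struct {
	SubjectName   string `json:"subject_name"`
	SubjectSHA256 string `json:"subject_sha256"`
	BuilderID     string `json:"builder_id"`
	SourceCommit  string `json:"source_commit"`
}

// SignedBundle is what a build job would publish alongside the artifact.
type SignedBundle struct {
	Attestation    []byte // JSON encoding of the Attestation
	ArtifactSig    []byte // signature over sha256(artifact)
	AttestationSig []byte // signature over the attestation bytes
}

func digest(b []byte) []byte {
	s := sha256.Sum256(b)
	return s[:]
}

// SignBuild signs both the artifact digest and the attestation with the
// builder's private key, binding the attestation to the exact bytes shipped.
func SignBuild(priv ed25519.PrivateKey, name string, artifact []byte, builder, commit string) (SignedBundle, error) {
	d := digest(artifact)
	att := Attestation{SubjectName: name, SubjectSHA256: hex.EncodeToString(d), BuilderID: builder, SourceCommit: commit}
	attBytes, err := json.Marshal(att)
	if err != nil {
		return SignedBundle{}, err
	}
	return SignedBundle{
		Attestation:    attBytes,
		ArtifactSig:    ed25519.Sign(priv, d),
		AttestationSig: ed25519.Sign(priv, attBytes),
	}, nil
}

// VerifyBuild is the consumer-side check: both signatures must verify under the
// trusted builder key, and the attestation must describe the artifact we hold.
func VerifyBuild(pub ed25519.PublicKey, artifact []byte, b SignedBundle) error {
	d := digest(artifact)
	if !ed25519.Verify(pub, d, b.ArtifactSig) {
		return fmt.Errorf("artifact signature invalid")
	}
	if !ed25519.Verify(pub, b.Attestation, b.AttestationSig) {
		return fmt.Errorf("attestation signature invalid")
	}
	var att Attestation
	if err := json.Unmarshal(b.Attestation, &att); err != nil {
		return fmt.Errorf("attestation unreadable: %w", err)
	}
	if att.SubjectSHA256 != hex.EncodeToString(d) {
		return fmt.Errorf("attestation describes a different artifact")
	}
	return nil
}

func main() {
	// Constructed builder key pair; in practice the public key is what the
	// consumer pins as the trusted builder identity.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	artifact := []byte("constructed artifact bytes") // stands in for a real build output
	bundle, err := SignBuild(priv, "app.tar.gz", artifact, "https://ci.example/builder", "commit-placeholder")
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine artifact:", VerifyBuild(pub, artifact, bundle))
	fmt.Println("tampered artifact:", VerifyBuild(pub, append([]byte("x"), artifact...), bundle))
	swapped := bundle
	swapped.Attestation = []byte(`{"subject_name":"app.tar.gz","subject_sha256":"00","builder_id":"other","source_commit":"other"}`)
	fmt.Println("swapped attestation:", VerifyBuild(pub, artifact, swapped))
}
```

The third check in VerifyBuild matters as much as the two signature checks: without comparing the attestation's subject digest against the artifact actually received, a valid attestation for some other build could be paired with any artifact signed by the same key.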
The security of the software supply chain is increasingly top of mind for security professionals. For 70% of all respondents in Dark Reading's State of Supply Chain Threats survey in August, supply chain security was among the top five security priorities. In the same vein, GitLab's 2022 Global DevSecOps Survey, released earlier this year, found security was the highest budget priority for organizations.
