GitLab has confirmed new security and compliance features and a number of enhancements in its platform to aid organizations to secure their software supply chain.
A Global DevSecOps Survey by GitLab in 2022 found that security was amongst the highest priority investment areas for an organization, with 57% of security experts’ surveys indicating that their organizations have already shifted security left or plan to this year.
GitLab has increased its focus on governance to help teams identify risks by offering visibility into their projects' dependencies, security findings, and user activities with increasing regulatory and compliance needs for the organization.
The new enhancements on the other hand provide developers with tools that could scan any vulnerability and deploy controls in order to secure applications. Additionally, the developers have access to secure coding guidance involved in the GitLab platform.
The new capabilities include security policy management, compliance management, events auditing, and vulnerability management. A dependency management capability to help developers track vulnerabilities in dependencies they are using will be available at a later date. Organizations will be able to automatically scan for vulnerabilities in source code, containers, dependencies, and applications in production, says Gitlab.
These capabilities, along with a broad range of security testing capabilities such as static application security testing (SAST), secret detection, dynamic application security testing (DAST), API security, fuzz testing, dependency scanning, license compliance, and container scanning, aids the organization to acquire security and compliance of their software supply chain constantly, without giving in on speed and agility.
In regards to the recent enhancement in the security and compliance features, VP of Product at GitLab David DeSanto says, “To stay competitive and propel digital transformation, organizations need to be great at developing, operating, and securing software. Security needs to be embedded in all stages of the software development lifecycle, not treated as an afterthought.”
“Our enhanced security and governance capabilities make GitLab a comprehensive DevSecOps solution to help secure an organization’s software supply chain”, he continued.