Over a million developers have joined DZone.

GitLab 10.8 — Incremental Rollouts, Push Mirroring, Dependency Scanning...and More

DZone's Guide to

GitLab 10.8 — Incremental Rollouts, Push Mirroring, Dependency Scanning...and More

Learn about the myriad new features in GitLab's 10.8 version, including dependency scanning from the GitLab service, redefining how we do CI/CD.

· DevOps Zone ·
Free Resource

Do you need to strengthen the security of the mobile apps you build? Discover more than 50 secure mobile development coding practices to make your apps more secure.

Continuing to deliver features in their latest release, GitLab's 10.8 version allows teams to deploy applications to a subset of available nodes, maintain mirrors on private networks while keeping cloud-based repo available, and include dependency scanning from the GitLab service. GitLab is defining the way that CI/CD should be employed, by leveraging the model they have defined for their customers.

In the past, when a point release (aka a minor release) reached GA (general availability) status, adoption of these releases was often delayed or even skipped. This was centered around the cost/benefit analysis to analyze, validate and deploy a minor release across the organization. With the advent of Dev Ops, the concept of CI/CD started to gain momentum, but a majority of those following a DevOps model still opted to group and plan releases.

While on a project building out Salesforce for a client, we ran into that very scenario. Our team was able to build and validate new features within every sprint cycle, but often those releases were not deployed to the customer - due to the upfront planning and communication required before the features could be introduced. It was the reality we lived and I quickly realized that our Salesforce team wasn't the only Agile team living in this mode.

The team at GitLab has followed the model taken by Salesforce, where they are releasing updates to their service on a predefined basis. Like other cloud providers, these features are available to everyone...and everyone must adapt to the changes without the ability to linger on a given release. As a seasoned software developer, I appreciate this approach - especially having to handle the headaches related to supporting applications and frameworks which are out of date.

GitLab 10.8 Release

The latest version of GitLab is 10.8, which was released on 05/22/2018 and includes three very impressive features:

  • Incremental Rollouts - this new release approach allows a subset of nodes to be targeted for a given build/release. As a result, deployments could be targeted to a subset of users without having to devise an alternate build process. Current rollout options allow for 10%, 25%, 50% or 100% of your pods to be updated.

  • Push Mirroring - the feature that was initially available to paying/enterprise-level customers is now available in the open-source version of GitLab. Push Mirroring allows Git repositories to be replicated from one location to another. The most common use case for this functionality is the creation of a private GitLab instance, while still maintaining a public version. This functionality can also be used to move a project away from GitLab but keeping the old repository up to date.

  • Dependency Scanning - shipping secure code should always be a priority. The team at GitLab agrees, with their introduction of dependency scanning with the 10.8 release. GitLab's built-in security functionality includes SAST, DAST, container scanning, and dependency scanning to keep you on top of vulnerabilities and ship secure code. As I pointed out in my "Just How Easy Is it to Be Hacked?" article, your application is only as secure as your weakest dependency. Using dependency scanning, GitLab customers can utilize the Interactive Security Reports to analyze and track any known issues. 

But Wait, There's More...

There are so many other features packed into the 10.8 release.

  • Fuzzy file finder in Web IDE

  • Stage/Commit by file in the Web IDE

  • Group milestone burndown chart

  • GitLab Prometheus service metrics

If you want more details, see the GitLab 10.8 Release Notes for more information.

Have a really great day!

Check out tips for blazing the way from agile to DevSecOps with security built into your mobile app toolchain.

devops ,ci/cd ,gitlab ,rollout ,beta ,mirroring ,git ,sast ,dast

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}