Users can authenticate to GitLab in a secure, authenticated manner
WASHINGTON, DC — July 31, 2019 — GitLab, the DevOps platform delivered as a single application, announces that its 12.1 release now provides command line authentication to GIT via multi-factor authentication using SmartCards (CAC, PIV, Derived Credentials). GIT commands remain secured until a user first authenticates to a secure browser session with their card.
The U.S. Government requires any user accessing Government systems to use 2-Factor Authentication (2FA). To accomplish this, the Government typically issues I.D. cards, commonly known as CAC or PIV cards.
In January of this year, GitLab announced the first phase of support for these cards. In a subsequent 11.8 release, the integration of SmartCards and LDAP servers was introduced. These releases focused on the users of the GitLab Graphical User Interface (GUI). GitLab was the first and only DevSecOps solution to provide this security feature.
However, many developers use command-line access to interact with GitLab, and more directly, the common GIT functions of the repositories. The GitLab 12.1 release extends that SmartCard authentication capability to these users and the command line interface, further enhancing the security posture of GitLab and its customers. Users can now authenticate to GitLab, then use the command line interface to execute GIT commands in a secure, authenticated manner.
“Monkton first made this request to GitLab a few short months ago–their ability to iterate is unparalleled–especially for security reasons. In security-focused organizations, the ability to use PKI instead of user-generated SSH keys will give organizations superior non-repudiation for controlling commits and access to GitLab,” commented Harold Smith III, Monkton Co-founder and CEO. “What this gives us is the ability to use hardware tokens, like the Yubikey or CAC/PIV to perform our authentication, giving us a higher assurance knowing who is using GitLab. How Monkton builds Rebar and secure customer mobile apps is greatly going to benefit this.”
Over 200 Government agencies, such as the U.S. Air Force, U.S. Army, U.S. Navy and the Intelligence Community, are all leveraging GitLab’s DevSecOps solution to deliver Speed To Mission.
“GitLab is committed to providing the Public Sector the most robust and secure DevSecOps solution,” said Paul Almeida, Regional Director, GitLab, Federal. “By enhancing our support of SmartCard authentication in the 12.1 release, we are continuing to enhance our security posture for our U.S. Public Sector users, providing the most enriched and secure development environment possible.”
For more information on GitLab’s public sector practice, please visit about.gitlab.com/solutions/public-sector.
GitLab is a DevOps platform built from the ground up as a single application for all stages of the DevOps lifecycle enabling Product, Development, QA, Security, and Operations teams to work concurrently on the same project. GitLab provides a single data store, one user interface, and one permission model across the DevOps lifecycle. This allows teams to significantly reduce cycle time through more efficient collaboration and enhanced focus. Built on Open Source, GitLab leverages the community contributions of thousands of developers and millions of users to continuously deliver new DevOps innovations. More than 100,000 organizations from startups to global enterprises, including Ticketmaster, Jaguar Land Rover, NASDAQ, Dish Network, and Comcast trust GitLab to deliver great software faster. GitLab is the world's largest all-remote company, with more than 1,200 team members in more than 65 countries and regions.