The One DevOps Platform enables organizations to stay ahead of threat vectors, maintain compliance posture, and deliver secure software faster
DETROIT, MI – October 25, 2022 – All Remote – Today at KubeCon + CloudNativeCon North America, GitLab Inc., provider of The One DevOps Platform, announced enhancements to its Security and Governance solution which enables organizations to integrate security and compliance in every step of the software development lifecycle (SDLC) and secure their software supply chain.
GitLab’s 2022 Global DevSecOps Survey found that security was the highest priority investment area for organizations, with 57% of security professionals surveyed stating that their organizations have already shifted security left or plan to this year. To meet growing security needs, GitLab is enhancing its Security and Governance solution to provide visibility and management over security findings and compliance requirements, as well as deliver what we believe is a first-class software supply chain security experience.
With increasing regulatory and compliance requirements for organizations, GitLab has increased its focus on governance to help teams identify risks by providing them with visibility into their projects' dependencies, security findings, and user activities. This includes capabilities like security policy management, compliance management, audit events, vulnerability management, and an upcoming capability of dependency management, which will help developers track vulnerable dependencies detected in their applications. These governance capabilities, in conjunction with a comprehensive set of security testing capabilities such as static application security testing (SAST), secret detection, dynamic application security testing (DAST), API security, fuzz testing, dependency scanning, license compliance, and container scanning, can help organizations achieve continuous security and compliance of their software supply chain without compromising on speed and agility.
“To stay competitive and propel digital transformation, organizations need to be great at developing, operating, and securing software. Security needs to be embedded in all stages of the software development lifecycle, not treated as an afterthought,” said David DeSanto, VP of Product at GitLab. “Our enhanced security and governance capabilities make GitLab a comprehensive DevSecOps solution to help secure an organization's software supply chain.”
Securing Software Supply Chains
The software supply chain is all of the internal and external dependencies used in modern software development. To properly secure the supply chain, companies must put tools in place to not only secure the code created in-house but also need ways to detect vulnerabilities that may be introduced by third-party components. With so many moving pieces, securing an organization’s software supply chain can be complex. There needs to be an automated system of checks and balances throughout the development lifecycle to make sure code is efficiently and securely deployed. Implementing a DevSecOps Platform can improve end-to-end security in part by reducing handoffs and improving transparency surrounding ownership and access.
Proactively Identify Vulnerabilities
GitLab helps ensure that organizations can shift left by proactively scanning for vulnerabilities and implementing controls to secure applications. GitLab’s enhanced features can help organizations automatically scan vulnerabilities in source code, containers, dependencies, and running applications. Additionally, these security features can help automate threat detection before and after applications are deployed to production to minimize security risk.
Fulfill Compliance and Regulatory Standards
Operations professionals identify managing compliance and audit requirements as activities within their scope of responsibility. GitLab believes the new and upcoming features will help teams track changes, implement controls to define what goes into production, and ensure adherence to license compliance and regulatory frameworks.
“Enterprises have experienced great success in embracing DevOps principles and breaking down the siloes that separate software development and IT operations teams. The next step to strengthen the development process is to replicate this approach for security, moving from DevOps to DevSecOps,” said Daniel Kennedy, Principal Analyst, Information Security at 451 Research, part of S&P Global Market Intelligence. “In order to shift security left, while continuing deployment at an efficient cadence, organizations require a single platform that integrates security and compliance into their existing development workflows.”1
“HackerOne uses GitLab as a key component to maintain our software security and ensure high confidence with the code we deploy,” said Ben Willis, Principal Software Engineer at HackerOne. “During development, we leverage automated and manual code review checks, use GitLab integrations for continuous monitoring and automated patching, and consistently rely on GitLab for support with any audit requests.”
“Government agencies contend with a plethora of requirements to achieve authority to operate, resulting in wariness around compliance among practitioners. The ability to integrate compliance metrics into the DevOps lifecycle and efficiently produce SBOMs creates a hassle-free process, reducing pain points and encouraging compliance,” said Bob Stevens, VP of Public Sector at GitLab.
GitLab is The One DevOps Platform for software innovation. As The One DevOps Platform, GitLab provides one interface, one data store, one permissions model, one value stream, one set of reports, one spot to secure your code, one location to deploy to any cloud, and one place for everyone to contribute. The platform is the only true cloud-agnostic end-to-end DevOps platform that brings together all DevOps capabilities in one place.
With GitLab, organizations can create, deliver, and manage code quickly and continuously to translate business vision into reality. GitLab empowers customers and users to innovate faster, scale more easily, and serve and retain customers more effectively. Built on Open Source, GitLab works alongside its growing community, which is composed of thousands of developers and millions of users, to continuously deliver new DevOps innovations.
S&P Global Market Intelligence, DevSecOps: Breaking Down Silos for Security, July 28, 2022 ↩