In GitLab, to ensure strict code review, you can require a minimum number of users to approve a merge request before it can be merged. You can undo an approval by removing it after the fact.
Draft multiple comments in a merge request code review before reviewing and submitting them together all at once. This allows you to review code in consistent, self-contained sessions instead of as individual comments.
Assign Code Owners to files to indicate the team members responsible for code in your project using a CODEOWNERS file. Code owners are assigned automatically as merge request approvers, can be set as required and shown when viewing files. Sections allow each team to configure their own code owners configuration independently, allowing multiple teams to look after common parts of the codebase.
Find bottlenecks in your code review process by understanding how long open merge requests have been in review.
Keep master green. A special pipeline runs on the results of merged code before merging into master to detect changes that may be green on a branch but will fail master when merged.
Full Code Quality reports are available on the pipeline page, showing areas of the codebase that do not meet the organization’s preferred style or standards.
Review Apps let a developer share their work in progress with their team or a broader audience quickly as they implement a change and request feedback. Being able to leave comments on the Merge Request from the Review app shortens the feedback cycle and creates a single source of truth to track change requests. This feature enables designers, Product Managers, and other stakeholders to comment on the changes to the look and feel / user experience of a change just as easily and quickly as developers working in the MR.
Visualize the history and current status of pipelines across projects and groups all in a single dashboard that can be customized for each user.
With multi-project pipeline graphs you can see how upstream and downstream pipelines are linked together for projects that are linked to others via triggers as part of a more complex design, as in a microservices architecture.
Ensure an orderly and efficient flow of changes in a pipeline to target branches by queueing up pipelines in parallel, each building off the merge result of the previous pipeline. Squash-and-Merge is also supported together with Merge Trains.
Connect your projects hosted on external services (like GitHub or Bitbucket) and leverage the power of GitLab CI/CD pipelines to build, test, and deploy your applications easily.
Manage the deployments and connection to your Kubernetes clusters in a secure and compliant way, driven by code.
The GitLab Environments Dashboard provides a cross-project environment-based view that lets you see the big picture of what is going on in each environment. From a single location, you can now track the progress as changes flow from development to staging, and then to production (or through any series of custom environment flows you can set up). With an at-a-glance view of multiple projects, you can instantly see which pipelines are green and which are red, allowing you to diagnose if there is a block at a particular point, or if there’s a more systemic problem you need to investigate.
templates for a Group to make consistency easier.
Provides an overview of all the projects that are making use of the instance or group Kubernetes cluster, including the deployments/environments that have been provisioned and the numbers of pods used by each environment.
Visualize multiple epics and milestones across time in a roadmap view.
Issue board lists that pull in issues in a given milestone
Assign scoped labels mutually exclusively when they have the same scope.
Assign more than one person to an issue at a time.
Plan and track features and work with group-level epics that collect issues together. Easily create and assign issues directly from the epic itself.
Multiple Group Issue Boards, similar to Multiple Project Issue Boards
Promote an issue to epic to continue collaboration at a higher-level work abstraction.
Associate a board with a milestone, labels, an assignee, and a weight
Make sure the right people review merge requests with approval rules by specifying lists of eligible approvers, the minimum number of approvals for each, and which target branches they protect. This makes it easy to request review from different teams like Engineering, UX and Product.
Coordinate the order in which merge requests are merged within the same project and/or across different projects.
Reject new code and commits that don’t comply with company policy.
When a project needs multiple sign-offs, you can require every merge request to be approved before merging. With Required Merge Request Approvals you can set the number of necessary approvals and predefine a list of specific approvers. In turn, guarantee the quality and the standards of your code.
Extend the base functionality of protected branches and choose which users can push or merge to a protected branch.
Specify which person, group, or account is allowed to deploy to a given environment, allowing further protection and safety of sensitive environments.
Group owners can prevent new members from being added to projects within a group.
Having Geo replicated server(s) can make local pulls go more quickly, but without support for Geolocation-aware DNS, developers need to reconfigure their tools manually to point to their nearest geo replicated server. Users using Geolocation-aware DNS can be transparently directed to the closest server available and can access repository data faster.
Fail over in minutes to another data-center.
Maintenance mode allows systems administrators to perform maintenance operations, such as preparing for a scheduled failover, with minimal disruption to end users.
Configure replicated Git storage with automatic failover, strong consistency, and read distribution for improved fault tolerance and performance.
When development teams are spread across two or more geographical locations, but their GitLab instance is in a single location, fetching and cloning large repositories can take a long time. Built for distributed teams, GitLab Geo allows for read-only mirrors of your GitLab instance, reducing the time it takes to clone and fetch large repos and improving your collaboration process.
GitLab Premium includes support for scaling GitLab services across multiple nodes to manage demands on your system and provide redundancy. GitLab has developed reference architectures so you can easily determine the optimal architecture for your needs.
Supports distributed teams by running multiple registry instances across several regions and syncing between data centers.
Distribute read-only queries among multiple PostgreSQL database servers and reduce the load on the primary database to increase responsiveness.
Forward your logs to a central system.
“Security Dashboards report the latest security status of the default branch for each project. View, triage, and manage vulnerabilities at the Project, Group, or Instance level from a single view. Drill into individual vulnerability details or see high level trends and potential trouble spots.”
Once your application is online, GitLab allows running Dynamic Application Security Testing (DAST) in CI/CD pipelines; your application will be scanned to ensure threats like XSS or broken authentication flaws are not affecting it. Results are then shown in the Merge Request and in the Pipeline view. This feature is available as part of Auto DevOps to provide security-by-default.
GitLab’s vulnerability management is about ensuring assets and applications are scanned for vulnerabilities. It also includes the processes to record, manage, and mitigate those vulnerabilities.
Vulnerability management helps identify meaningful sets of vulnerabilities, in both your assets and application code, that can be mitigated, managed, and acted upon by your whole team—not just the security organization. It also provides a unified interface to the systems teams are already using for managing results from the ~"devops::secure" stage so there is always a single source of truth and single place for managing security results.
When building a Docker image for your application, GitLab can run a security scan to ensure it does not have any known vulnerability in the environment where your code is shipped. Results are then shown in the Merge Request and in the Pipeline view. This feature is available as part of Auto DevOps to provide security-by-default.
GitLab automatically detects well known security bugs in the libraries that are included by the application, protecting your application from vulnerabilities that affect dependencies that are used dynamically. Results are then shown in the Merge Request and in the Pipeline view. This feature is available as part of Auto DevOps to provide security-by-default.
A vulnerability database that can be viewed and enhanced by anyone.
There’s no reason to wait for the next CI pipeline run to find out if your site is vulnerable or to reproduce a previously found vulnerability. GitLab offers scanning your running application with On-demand Dynamic Application Security Testing (DAST), independent of code changes or merge requests.
“Test the APIs in your apps to find vulnerabilities and bugs that traditional QA processes miss.”
“The security alert dashboard provides a workflow for viewing and managing security alerts.”
“With Container Host Monitoring, you can monitor running containers for malicious or unusual activity. This includes process starts, file changes, or opened network ports. You can also block or prevent these activities from occurring.”
Cloud native network firewall provides container-level network micro segmentation which isolates container network communications to limit the “blast radius” of compromise to a specific container or microservice. A container-aware virtual firewall identifies valid traffic flows between app components in your cluster and limits damage by preventing attackers from moving through your environment when they have already compromised one part of it.
To maintain the integrity of your code, GitLab Premium gives admins the ability to view any modifications made within the GitLab server in an advanced audit event system, so you can control, analyze and track every change.
Compliance management within GitLab is easier with an aggregate view of all project activity. View the compliance status of your group in a fast, simple way. Using the built-in quick access view, easily spot when projects are out of compliance and drill down into individual projects to take informed actions to remediate any issues.
Check that licenses of your dependencies are compatible with your application, and approve or deny them. Results are then shown in the Merge Request and in the Pipeline view.
Compliance frameworks allow you to easily designate which frameworks a given project must follow. We provide several pre-defined ones such as GDPR, HIPAA, PCI-DSS, SOC 2, and SOX, and also let you define your own.
Create a common pipeline definition that will run for all projects that adhere to different compliance frameworks. This ensures projects perform the steps needed to meet regulatory requirements.
Able to support test planning, definition of test cases, results of test execution and corresponding backlog of work resulting from failed tests. Specific features would include: Test case planning, test execution, defect tracking (backlog), severity, priority.
With Requirements Management you are able to gather, document, refine, and track approval of business and system requirements. Manage and track the relationships between requirements and other requirements, requirements and code, or requirements and test cases for each version of requirements. Specific features will include definition, traceability, and requirement hierarchy and dependency.
GitLab makes it easy to require that a Jira issue is linked to each merge request. This helps teams using both Jira and GitLab better collaborate and stay in sync.
Plan and track strategies, initiatives, and features with multi-level epics that collect issues together. Manage multiple children epics and their issues within the Epic Tree by dragging and dropping them to organize and prioritize the work.
Report on and quickly respond to the health of individual issues and epics by viewing red, amber, or green health statuses on your Epic Tree.
Visualize multiple parent and child epics across time in a Roadmap view to gain insight into how your portfolio of work is progressing. Establishing the product vision and strategy to organize, govern and shape the effort of multi-disciplinary teams building specific business services and features.
Edit labels on multiple epics all at once via the Epic List.
View and track your epics on a kanban-style board
Create charts powered by labels to visualize data such as triage hygiene, issues created/closed per a given period, average time for merge requests to be merged and much more.
The DORA-4 metric, Lead time for changes, measures the time it takes for a merge request to be merged to production. You can access this metric via the CI/CD analytics dashboard or through the API on the project or the group level. Monitoring this metric helps you understand the efficiency of your deployments over time and find bottlenecks and improvement areas.
Purchase additional CI/CD minutes or storage for your group or personal namespaces. Repository storage of 10GB per project is free across all tiers.