Securing the guts of the Gits with GitLab

GitLab is expanding… but what is its position in the total source code repository management universe?

Let’s draw a couple of lines first with a nod to the SESYNC research support community for its clarification.

GitHub: open source and free

All code hosted on GitHub must be made publicly available (unless it forms part of a paid account), and any developer or software engineer is permitted to a) push code to GitHub and b) offer suggestions designed to enhance, improve or alter the service.

A load of gits

GitLab is like GitHub, but not completely the same.

GitLab is used by commercial organisations for internal management of their own Git repositories.

Git itself is a source code version control system in its own right, designed to let developers track changes and push changes to, or pull them from, remote repositories.

GitLab is one of the most popular services of its kind, although it should be noted that Bitbucket also competes in this space.

With the definitions out of the way: GitLab Inc (the company behind the product) describes GitLab as an integrated product for the entire DevOps lifecycle.

GitLab Inc has now acquired Gemnasium, a company that provides software to help developers mitigate security vulnerabilities in open source code.

GitLab says Gemnasium's security scanning functionality will fit natively into GitLab's CI/CD (Continuous Integration / Continuous Delivery) pipelines to perform automated application security testing.

Dependency tree [roots]

According to GitLab, as the dependency trees [roots] of open source software grow deeper, it can be daunting or even impossible for developers to keep track of which software they are using and what ramifications its use may have for the business.

Sid Sijbrandij, CEO of GitLab, has said that GitLab has already begun adding native security functionality, such as Static Application Security Testing (SAST) in the 10.3 release, followed by Dynamic Application Security Testing (DAST) and Container Scanning in the 10.4 release.
