DevOps Platform – GitLab 15 Releases and Updates

GitLab is evolving, where constant research are carried out to improve GitLab into powerful DevOps platform of the future. June-22, 2022 GitLab is moving forward and running on their journey towards the future of DevOps. Thereafter, GitLab announces the release of GitLab 15. Excited and obligated, E-SPIN dedicated this ‘ GitLab 15 Releases and Updates’ post to provide end users with the latest improvements added into GitLab 15.

GitLab introduces their improvements on the platform every month. In regards to this monthly release practice, E-SPIN will continuously reach the end users through this post for each GitLab 15 releases and updates. The details of the latest release and updates are presented in the manner where the latest release is shown at the top of the post and then followed with the previous releases. Feel free to visit this post for the updates and please do not hesitate to contact E-SPIN regarding product and related matter (if any).

---

Last year, the announcement of the release of GitLab 14 marked their first step in establishing future of DevOps. Now, GitLab made it again! Meet GitLab 15 with various of improvements, breakthroughs and new changes, it is a release that represents GitLab commitment in delivering a one true future of DevOps solution.

Features in GitLab 15:

• WYSIWYG for Wiki for edit codes, blocks and media inline
• Container scanning in all tiers
• Internal notes
• Better links to external organisations and contacts
• Advanced Search compatibility with Opensearch
• Automate iteration cadence for planning issue
• Nested CI/CD variables with environments in pipeline configuration

Improvements

• Audit changes to group IP allowlist
• Migration support for project releases milestones
• Revoke a personal access token without PAT ID
• Reorganize issue description list items with drag and drop
• Configure wiki visibility for groups
• Display usage of shared runners in user namespaces
• Project-level Secure Files in open beta
• View more details about each runner
• Dependency scanning support for poetry.lock files
• Semgrep-based SAST scanning available for early adoption
• Access and Verify actions for environments
• Automatically create release notes from annotated tags
• Release API endpoint for groups
• Cluster support for Kubernetes 1.22
• Terraform CI/CD template authenticates to Terraform module registry
• GitLab advisory data included in container scanning results
• Advanced Search is compatible with Elasticsearch 8
• GitLab chart improvements
• Follow or unfollow someone from the user popup
• New audit events for merge settings
• Support for failed status checks
• Users with the Reporter role can manage iterations and milestones
• Multiple account support for GitLab Workflow in VS Code
• GitLab Runner 15.0
• Show instance CI/CD limits in /help
• Dependency path information
• Secure and Protect analyzer major version update
• Static Analysis analyzer updates
• Approve deployments from the Environments detail page
• Multiple on_stop jobs for an environment
• Set Environment tier through API
• REST API for the agent for Kubernetes
• The agent server for Kubernetes enabled by default in the Helm chart
• Scan result policies listed under MR approval settings
• Geo’s initial Git repository replication is 27% faster
• Omnibus improvements
• Bug fixes

---

GitLab 15.11 release (2023-Apr-22)

GitLab 15.11 release introduces more than 110 improvements which include Code Suggestions, project compliance frameworks report management at the group level, re-running downstream pipeline trigger jobs, vulnerability dismissal reasons, and many more.

Key improvements:

1. Code Suggestions for subscription tiers

Availability – in SaaS GitLab Premium and Ultimate

Capabilities – Code Suggestions are now made available for Developers using GitLab Ultimate and Premium customers t0 enhance their productivity, focus, and innovation without involving context switching.

2. Web IDE Beta enabled by default on self-managed

Availability – in Self-managed GitLab Premium and Ultimate

Capabilities – Web IDE Beta offers powerful new capabilities and greatly to the web-based code editor. It is now the default editor for all self-managed instances but can be opted out according to preference.

3. Award achievements to users

Availability – in SaaS GitLab Premium and Ultimate and in Self-managed GitLab Premium and Ultimate

Capabilities – This feature allows users to give and receive awards from each other for their skills accomplishments and contributions thus encourage better performance and improve productivity.

4. Google Play Store integration

Availability – in SaaS GitLab Ultimate and in Self-managed GitLab Ultimate

Capabilities – GitLab 15.11 release enables you to configure and validate your projects with Google Play Store credentials. Subsequently, this allows you to utilise those credentials in CI/CD pipelines to automate releases to the Google Play Store.

5. Manage Project Compliance Frameworks Report at Group Level

Availability – in SaaS GitLab Premium and Ultimate and in Self-managed GitLab Premium and Ultimate

Capabilities – In this release, users no longer needed to go to each project to manage to add or remove a compliance framework from a project. Instead, users can manage project Compliance Frameworks Report at Group Level, enabling them to manage compliance with regulations in shorter period of time.

6. Vulnerability dismissal reasons

Availability – in SaaS GitLab Ultimate

Capabilities – With GitLab 15.11, users can add a reason for dismissing a vulnerability to the Vulnerability Report which allow them to easily recall why those vulnerability are being dismissed.

7. Value Streams Dashboard released in Beta

Availability – in SaaS GitLab Ultimate and in Self-managed GitLab Ultimate

Capabilities – GitLab 15.11 is equipped with new value streams dashboard. This upgraded value streams dashboard can be used by organisations to identify workflow inefficiencies and opportunities for enhancements through benchmarking key DevSecOps metrics. With this dashboard offers visibility across every step of the software development lifecycle without the need for buying or maintaining third-party tool.

8. Rerun downstream pipeline trigger jobs

Availability – in SaaS GitLab Premium and Ultimate and in Self-managed GitLab Premium and Ultimate

Capabilities – GitLab 15.11 removes the need to rerun the full upstream pipeline when you would like to trigger downstream pipeline, making the jobs more efficient and less time consuming. This feature is achievable by selecting Run again on the trigger job where the newly triggered downstream pipeline replaces the original downstream pipeline in the pipeline graph.

9. Define inputs for included CI/CD configuration

Availability – in SaaS GitLab Premium and Ultimate and in Self-managed GitLab Premium and Ultimate

Capabilities – GitLab 15.11 release offers adds the ability to declare mandatory or optional input parameters for each includable configuration file. With this addition, the input parameters are scoped to the included configuration only, making no impact to the included configuration only. As a results, users are able to build more robust and isolated CI/CD templates, also declare and enforce constraints.

Other improvements

• Better error message when direct transfer setting is disabled
• Detailed link preview visible for non-publicly available pages
• Enhanced data sync between Jira and GitLab for Jira Cloud app
• Ability to migrate GitLab projects through direct transfer using API
• Disable LDAP synchronization of user’s name option
• New visualization of stages breakdown in Value Stream Analytics
• Open modified files in the Web IDE Beta
• NuGet packages importer
• Documentation for using the agent for Kubernetes with custom certificates
• Kubernetes 1.26 support
• Approval rules settings pages with Multiple approval rules that are available in the GitLab UI
• Multiple approval rules are available in the GitLab UI
• Automatic response to leaked secrets on any public branch
• Container Scanning outputs CycloneDX documents
• Static Analysis analyzer updates
• Dependency Scanning support for pnpm
• Support for Yarn v2 and v3 in Dependency Scanning
• Warnings to prevent accidental token leaks in issues, MRs, and comments
• Set custom Git server hooks using CLI
• README files for groups
• Omnibus improvements
• Bug Fixes

---

GitLab 15.10 release (2023-Mar-22)

GitLab 15.10 release involves more than 115 improvement and those include the ability to automatically resolve SAST findings when rules are disabled, a new view to see all branch-related settings together, the ability to create and switch branches in the Web IDE Beta as well as compliance frameworks reports, and many more. 

Key improvements:

1. Automatically resolve SAST findings when rules are disabled

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Capabilities – You can focus on vulnerabilities that are still relevant after the rule update as GitLab SAST will automatically resolves vulnerabilities from Semgrep- and KICS-based analyzers in a condition where predefined rule is disabled and a rule from a ruleset is removed.

JavaScript SAST rule has been removed in these release due to too many false-positive outcomes.

2. Integration with Apple App Store

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capability – GitLab 15.10 allows you to configure and validate your projects with Apple App Store credentials.

3.View all branch-related settings together

Availability – in SaaS GitLab Premium and Ultimate

Capabilities – GitLab 15.10 displays all branch-related protections on a single page. You only need to set in by going to Settings > Repository > Branch rules. This features aim to enable you to discover, use, and monitor settings easier.

4. Commit list view to identify tagged commit

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capability – GitLab 15.10 let you easily discover added commits since a tagged release commit through viewing commit list at Repository > Commits. 

5.  diagrams.net editor for creating diagrams in wikis

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capability – You are able to create and edit diagrams in wikis more easily with diagrams.net GUI editor in this release which is available in the Markdown editor and the content editor.

6. Create and switch branches in the Web IDE Beta

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capability –  GitLab 15.10 helps enhance productivity as it let you create a new branch any time while making changes or switch branches in the Web IDE Beta.

7. Compliance frameworks report

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Capability – GitLab 15.10 adds compliance framework to the existing compliance report that shows compliance violations in the previous version.  With this feature, you can see at a glance every compliance framework that have been applied to the projects in your group.

8. Suggested Reviewers generally available

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Capability – You can now have GitLab to recommend a reviewer through Suggested Reviewers.
This is one of the ML Feature at GitLab that applies the changes in a merge request and a project’s contribution graph and then show recommended reviewer in the reviewer dropdown in the merge request sidebar.

Other improvements

• Automatic disabling of failing group webhooks
• Default syntax highlighting theme for new users
• Direct transfer migration on GitLab self-managed no longer needs feature flag
• Duo supported as a 2FA method
• Explore projects, groups, snippets, and topics
• Generate a new OAuth client secret
• Groups for OpenID Connect
• Import GitHub repository collaborators as GitLab project members
• Improved import error messages that include subrelation errors
• Enhanced onboarding experience for SAML/SCIM provisioned users
• Advanced security through filtering outbound requests
• Name shown in sign-in notification emails
• SAML group lock
• Apply WebAuthn for 2FA without an OTP
• Extend DORA GraphQL API to support multiple metrics
• New pairing rule for custom stages in Value Stream Analytics
• Report abuse from users’ comments in epics
• Define default owners for CODEOWNERS sections
• GitLab CLI v1.26.0 released
• Add a merge request to the Merge Train using API
• Native attachments for Service Desk emails
• Configurable depth for Dependency Scanning
• Static Analysis analyzer updates
• Self-managed support for the new License Compliance scanner
• Enforce IaC Scanning with Scan Execution Policies (SEPs)
• Geo now verifies replicated Container Registries
• API support for project user management
• GitLab chart improvements
• Find users quicker through Advanced Search
• Omnibus improvements
• Better workflow for editing projects in the Admin Area
• New language filter for code search results
• Learn to configure Flux for GitLab
• Revoked and created agent access tokens trigger audit events
• Apply a dedicated subdomain for KAS address
• Bug fixes

 

---

GitLab 15.9 release (2023-Feb-22)

GitLab 15.9 release include more than 105 improvement and among them are  guest roles viewing private repositories, license approval policies and license compliance scanner, notifications in the GitLab for Slack app, code suggestions in closed beta. 

Key improvements:

1. Ability to view private repositories for users with Guest roles

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Capabilities – With administrator permissions, users with guest roles can now view private repositories. Administrator need to create new role through the API, to assign role to specific guest users to permit access.

2. Need multiple approvals from code owner

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – Specifically define the files, types of files or directories approval as optional that need approval from the code owners (one or multiple).

 

3. Manage license approval policies

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – This release remove the deprecated License-Check feature and introduce support for license approval policies as replacement.

With this feature, users can

• choose who has permission to edit license approval policies.
• create and chain multiple policy rules.
• enforce two-step approval process.
• apply single set of license policies to multiple development projects
• use policies to get approval for any license that is not specifically allowed

4. Notification in GitLab for Slack app

Availability – in SaaS GitLab Premium and Ultimate

Capabilities – GitLab for slack app functions to manage notifications from GitLab to your Slack workspace. This feature will eventually replace the slack notifications integration. With GitLab Slack app, users will be able to use existing app features like slash commands and also specify the specific slack channels for notification.

5. Code suggestion available in Closed Beta

Availability – in SaaS GitLab Ultimate

Capabilities – GitLab Code Suggestions helps enhance developer productivity, focus, and innovation without context switching – within a single DevSecOps platform.

Closed Beta participants can now get code suggestions through GitLab Workflow VSCode extension.

6. Track important incident timestamps on the incident timeline

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – GitLab 15.9 enables users to accurately track incident metrics to understand their performance as it allows specify optional incident tags to record relevant incident timestamps.

7. New License Compliance Scanner

Availability – in SaaS GitLab Ultimate

Capabilities -This release support new method of ensuring license compliance. The new license compliance scanner in GitLab 15.9 is can parse and identify 500 types of licenses and able to extract license information from packages that are dual-licensed or have multiple type of different licenses that apply.

8. Enhanced CI/CD Workflow Security  with OpenID Connect (OIDC)

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – GitLab 15.9 is added with OIDC to improve security to CI/CD workflow. With this increase security, your software and cloud-native infrastructure becoming more secure.

9. Remove character limitation in non-expanded (raw) masked variables.

Availability – in SaaS GitLab Premium and Ultimate and  GitLab Premium and Ultimate

Capabilities – Special characters such as $, ', or " makes it impossible to mask variable. GitLab 15.9 has been improved by removing this masking limitation for non-expanded (raw) variables.

Other improvements

• API support for bulk users access management
• Custom text for email for users deactivation notification
• Dashboard filter to explore project by programming language
• Add discord user ID to GitLab profile
• Disable two factor authentication (2FA) by group owner (Enterprise users)
• Import project from external providers repeatedly through different target paths
• View and filter activity in one location
• ‘Your Work’ sidebar for consistencies
• :active attribute added to SCIM API
• Filter epic lists and roadmaps by specific group
• Convert markdown checklist item to a task
• Display assigned labels on roadmap
• Epics that can contains child epic from different group hierarchies
•  Utilise quick actions when editing task’s description
• 180-day visualization of performance of DORA Metric
• Better control over your SSH connection via gitlab-sshd
• Control which projects that able to access your project with a CI/CD job token
• GitLab Runner 15.9
• New jobs tab in group runners page
• New rules to GitLab SAST
• GitLab Static Analyser updates which include additional coverage, bug fixes, and improvements
• Automatic revocation of leaked personal access tokens
• Secret Detection scan all commits in merge requests
• Clean up stale environment
• Setting to allow self-approval of a deployment to a protected environment
• Show related tags on Environment page for deployments pending approval
• See all commits on the Chain of Custody report
• Documentation of Elasticsearch advanced search role privilege requirements
• Bug fixes

 

 

---

GitLab 15.8 release (2023-Jan-22)

GitLab 15.8 release brings in more than 35 improvement which include block merges unless external status checks pass, SCIM support for self-managed GitLab, view estimated queuing for runners in the admin area, migrate GitLab projects by direct transfer beta.

Key improvements:

1.Block merges unless external status checks pass

Availability – in SaaS GitLab Ultimate

Capabilities – Users are now able to configure projects to block merge request merges unless all external status checks pass. With this feature, users can

• securely depends on external systems as part of your GitLab workflows
• make sure that all important steps are completed before the code is merged

2. Migrating GitLab projects by direct transfer Beta

Availability – in SaaS GitLab Premium and Ultimate

Capabilities – Migrating GitLab projects by direct transfer Beta which is available in GitLab 15.8 allows users to migrate group and project resources together when using direct transfer.

Additionally, direct transfer can be used to migrate between GitLab instances as well as within the same GitLab instance.

3. SCIM support for self-managed GitLab

As Self-managed GitLab in this release supports the open standard System for Cross-domain Identity Management (SCIM), users can now automatically create users or even remove users through deactivating their SCIM identities.

4. Selective SSO enforcement for group members

Availability – in self-managed GitLab Premium and Ultimate

Capabilities – In this release, when SAML SSO was enable for selective groups, all members with SAML identity will automatically have SSO enforced on them. A member is said to has SAML identity if they meet one of the following criteria:

• signed in to GitLab via GitLab group’s single sign-on URL
• provisioned by SCIM

Users without SAML identities do not need to apply SSO except SSO enforcement is explicitly enabled.

5.View estimated queuing time for runners in the Admin Area

Availability – in self-managed GitLab Ultimate

Capabilities – The estimated queue time feature in GitLab 15.8 let users detect the median estimated wait time for all instance runners. With this data users can proactively determine potential CI job execution problems for your organisation’s developers and give insights to make inform decisions on configuration or resource changes to optimise the runner fleet.

Other improvements

• Check personal access token before migrations start
• Create To-Dos for group owners on access request
• Create To-Dos for project owners on access requests
• Import GitHub gists into GitLab snippets using API
• Include expiring token’s name in email notification
• Introducing two new fonts for GitLab
• Option to not include projects when migrating GitLab groups
• Setting for enabling group migration by direct transfer
• Populate Allowed to push branch protection rule on GitHub imports
• GitLab Runner 15.8
• Static Analysis analyzer updates
• Setting to make user profiles private by default
• SAST false positive detection now supports Go
• Promote an issue to an incident with a quick action
• Audit event for changing protected status of an environment
• More discoverable syntax options for Advanced Search
• Bug fixes

---

GitLab 15.7 release (2022-Dec-22)

GitLab 15.7 comes new GitLab CLI, general availability of browser-based DAST, support for GitOps deployments from outside the default branch and also more 70 improvement. 

Key improvements:

1. New GitLab CLI

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – Developers depends heavily on CLI to complete their task. The new GitLab CLI adopted the open source project glab, as the foundation of GitLab’s native CLI experience. This CLI integrates GitLab with Git and your code without the need for applications and tab switching.

2. Share CI/CD access to the agent within a personal namespace

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – In this release, the GitLab agent for Kubernetes gives a more secure solution in managing clusters with GitLab CI/CD. The support for CI/CD connection sharing to personal namespaces added in this release enables  users to use a single agent from any of the projects under personal namespace.

3. Support GitOps deployments from outside the default branch

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – This release involves improvement on the pre-fill CI/CD variables in the “Run pipeline” page. The releases is added with ability to set a list of values which are surfaced in a drop-down list in the “Run pipeline” page. This improvement let users define the exact list of values that are valid for each CI/CD variable when manually running a pipeline.

4. Support the $ character in CI/CD variables

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – This release introduces a new setting for project, group, and instance CI/CD variables. As s results, users are now able to toggle whether or not GitLab interprets the CI/CD variable as a raw string, or treats $  character as the beginning of another variable that should be expanded.

---

GitLab 15.6 release (2022-Nov-22)

GitLab 15.6 release offers multiple improvements including Git abuse rate limiting, support for special characters in CI/CD variables, group and subgroup-level scan result policies, DAST API analyzer for on-demand DAST API scans and many more.

Key improvements:

1. Group and subgroup-level scan result policies

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Capabilities – This release includes policies that can be automatically flow down and use to every project inside the group. With this feature, users from large organisations with large sum of projects can easily and uniformly enforce those policies.

2. Git abuse rate limiting

Availability – in self-managed GitLab Ultimate

Capabilities – Enabling Git abuse rate limiting feature will let GitLab 15.6 automatically notify administrators on downloads or clones that exceed the number of repositories allowed in a group or its subgroups within a specific period of time.

GitLab 15.6 also let administrator to ban users who exceed the rate limit by declining access to the main group as well as any of its non-public subgroups.

Bans are permanent by default however administrator can remove ban if needed.

3. DAST API analyzer for on-demand DAST API scans

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Capabilities – For GitLab 15.6 DAST API analyzer is used for on-demand DAST API scans. The DAST API analyzer also bring new functionalities which include GraphQL scans, support for authentication tokens that expire, scans using Postman collections, and scans using HAR files. With this change,  not only user can use an OpenAPI specification in the site profile to define an API test, you can also applies a Postman collection or HAR file to ensure that your test gets the expected API coverage.

4. Support for special characters in CI/CD variables

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – $ character in a CI/CD variable lead to the introduction of the variable: expand: keyword that enables you to mark a variable as “raw”.

5. CI/CD variable support in rules:exists configuration

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – GitLab 15.6 offers support for CI/CD variables with the rules: exists keyword which simplify the complexity .gitlab-ci.yml configuration by letting users to use variables for paths or filenames.

Other improvements

• Associate Merge requests to issues when migrating groups with projects
• Display a summary of a user’s contributions before deletion
• Import GitHub branch protection rules
• Import pull request assigned reviewers from GitHub
• New GraphQL parameter for analyzing deprecated schema items
• New GraphQL API for Contribution Analytics
• Prevent Guests from viewing internal notes
• Default split view for Markdown preview in the Web Editor
• Configure default names for branches created from issues
• Admin > Area Runners – job queued and duration times
• Update access levels from Protected Branch API
• GitLab Runner 15.6
• Beta: Automatic revocation of leaked Personal Access Tokens
• More accurate SAST rules for Python
• See multiple Code Quality scan reports per pipeline
• Static Analysis analyzer updates
• Publish releases without giving access to source code
• Enhanced values support for Helm-based deployments
• Show multiple approval rules in deployment approval UI
• Mount ConfigMap to volumes with the Auto Deploy chart
• Automatically add incident severity changes to incident timelines
• Kubernetes 1.25 support
• Add linked resource to an incident with a quick action
• Scan execution policy support for dependency scanning
• GitLab chart improvements
• Omnibus improvements
• Minimum required Git version is now v2.37.0
• Bug fixes

---

GitLab 15.5 release (2022-Oct-22)

GitLab 15.5 release involves more than 50 improvements which includes GitLab Cloud Seed, Autocomplete suggestions in the Content Editor, Error Tracking Open Beta, Operational Container Scanning and more.

Key improvements:

1.GitLab Cloud Seed for deploy apps to Google Cloud

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – Cloud Seed is built into the GitLab web UI and leverages the capabilities of CI/CD pipeline. It is designed to offer a frictionless developer experience when using Google Cloud services, supporting Service Accounts, Cloud Run, and Cloud SQL. GitLab Cloud Seed enables GitLab and Google Cloud customers to easily migrate to the cloud using a single platform as it simplifies, automates and accelerates cloud resource provisioning, deployment automation and configuration.

2. Autocomplete suggestions in the Content Editor

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – Now, just like the GitLab Flavored Markdown, you can access to the similar autocomplete suggestions or shortcut. For instance, users can type #35266 to link to that issue or :thumb to see a list of thumb emojis.

3. Rule Mode for Scan Execution Policies

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Capabilities – This release support editing scan execution policies through the UI in Rule Mode in addition to the Yaml Mode which let users (both technical and non-technical) to easily construct a policy.

4. Email Notification for incorrect OTP incident

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – GitLab 15.5 having improved security as users will receive email notification instant when incorrect OTP is entered. 

5. Error Tracking Open Beta

Availability – in SaaS GitLab Premium and Ultimate

Capabilities – This release brings back GitLab integrated error tracking for GitLab.com in Open Beta but with improved architecture where it applies new Observability backend, leveraging the ClickHouse database as a unified data store.

6. Search by environment name in the Environments overview page

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Capabilities -With GitLab 15.5 release, users can search the list of environments in the Environments page through name.

7. Operational container scanning

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – GitLab supports vulnerability scanning of container images in operational or production Kubernetes environments is now official. Users can set up scanning through:

• configuration file for your GitLab Agent for Kubernetes
• creating a scan execution policy to require scans to run on a regular cadence.

Other improvements

• API endpoint to get project transfer locations
• Area setting to prevent users from creating groups
• Deliver emails using Microsoft Graph API with client credentials flow
• Import and store attachments when importing from GitHub
• Import more relationships when importing projects from GitHub
• Import pull request and issue events from GitHub
• Modify user’s commit email through the Users API
• New filters for personal access token API
• Update group members’ SAML and SCIM extern_uid with API
• Add labels and dates to a task
• Show blocking epics in the roadmap
• Improve DevOps efficiency with the pre-defined DORA comparison report
• Unsaved changes to wiki pages are preserved
• Enforce Developer Certificate of Origin on all contributions
• Display all available group runners
• Bulk delete runners in the Admin Area
• Expose CI/CD job token scope status in the jobs API endpoint
• Change the internal port for DAST API and API Fuzzing scans
• Display runner owner in Admin Area and group runners page
• Run security scanning tools in merge request pipelines
• GitLab Runner 15.5
• Use Code Quality with a private, authenticated image registry
• Dependency scanning improved accuracy for Go dependencies
• Create annotated tags in the Releases page
• Static Analysis analyzer updates
• Update a release using the Release CLI
• More kubectl calls for the agent CI/CD workflow
• Geo now replicates Incident Metric Images
• Access release description from tag in CI/CD pipeline variable
• Omnibus improvements
• Prevent outdated deployment jobs
• FIPS compliant Kubernetes integration
• Restrict the agent for Kubernetes by environment deployment tiers
• Geo now replicates alert metric images
• GitLab chart improvements
• Enhanced code search quality for Advanced Search
• Bug fixes

---

GitLab 15.4 release (2022-Sep-22)

The release of GitLab 15.4 includes more than 60 improvements, and most significantly the GitLab’s first machine learning powered feature such as  Suggested Reviewers open beta, improved CI/CD integration in VS Code, Pages Pipeline Wizard, email validation bypass for verified domains and many more.

Key improvements:

1. Suggested Reviewers open beta

Availability – in SaaS GitLab Ultimate

Capabilities – GitLab’s suggested review which is powered by machine learning allows it to recommend suitable reviewers to users. Currently, this feature is in beta behind a feature flag.

2. Limit the maximum number of custom domains per project

Availability – in Self-managed GitLab Premium and Ultimate

Capabilities – GitLab lets user limit in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate, dismissing slow response times from the Pages API thus improves reliability of the service.

3. Easy start with GitLab pages

Availability –in SaaS GitLab Premium and Ultimate and Self-managed GitLab Premium and Ultimate

Capabilities – This release enables users to use  GitLab UI to interactively build GitLab Page. The step only involves answering questions from GitLab on how your app is built, then GitLab will build your .gitlab-ci.yml file to get started.

4. Improved CI/CD integration in VS Code

Availability –in Self-managed GitLab Premium and Ultimate

Capabilities – More over, GitLab 3.5 Workflow offers CI/CD pipeline interactions that help avoid context-switching such as:

• Download artifacts: commit f4d027c, merge request !635
• Retry or cancel an existing pipeline: commit c2caee4, merge request !637

5. Sortable, filterable data-driven tables in Markdown

Availability –in SaaS GitLab Premium and Ultimate and Self-managed GitLab Premium and Ultimate

Capabilities – GitLab 15.4 enables users to insert data-driven tables using JSON syntax as in below:

1. Write or export a table in JSON.
2. Wrap JSON in a code block that starts with triple backticks followed by json:table.
3. Save your issue, submit your comment, or publish your page.

Whereas in rendered table, users can enable;

• Sorting for specific fields using "sortable": true
• Dynamic filtering of data using "filter" : true

These capabilities allows you to re-sort that 100-row table with one click and find that one issue reference which is nearly identical URL to abundance of other URL as easy as using web search.

6. Users on verified domains can bypass email validation

Availability –in SaaS GitLab Premium and Ultimate

Capabilities – SAML and SCIM that belong to verified domain reduce less account activation friction, individual verification no longer happen upon creation of new users.

7. Add linked resources to incident issues

Availability –in SaaS GitLab Premium and Ultimate and Self-managed GitLab Premium and Ultimate

Capabilities -This release allows users to surface the incident Slack channel, Zoom meeting space, or links to any relevant resource for resolving incidents easier.

8. More powerful Linux machine types for GitLab SaaS runners

Running jobs on GitLab SaaS Linux runners lets users to have access to more powerful machine types for both medium and large. making you to have bigger choices for your GitLab SaaS CI/CD jobs. Additionally, 100% job isolation on an ephemeral virtual machine, and security and autoscaling fully managed by GitLab enables users to can confidently run critical CI/CD jobs on GitLab SaaS.

Other improvements

• API endpoint to get group transfer locations
• API support for immediate group deletion
• Identify bot users with a badge
• Improved topic management for administrators with topic merge
• Schedule when to clear status from the user profile page
• Restrict access to groups using API
• Streamlined sign-in page
• Streaming audit events custom verification tokens
• Add assignees to a task
• Boards: Display health status on issue cards
• Comments on designs save automatically
• Manually create, name, and schedule iterations in a cadence
• Move cards on a board to the top or bottom of lists
• Design improvements to the Admin Area list of runners
• Dedicated page for merge requests and approvals settings
• Faster, easier C# scanning in SAST
• GitLab Runner 15.4
• Static Analysis analyzer updates
• GraphQL Schema support for DAST API and API Fuzzing
• Add associated release link to single tag page
• Create API endpoint to update a Protected Environment
• Show the deployment approval comment in the UI
• Show tags related to deployed commit on Environments page
• Support variables for environment:auto_stop_in
• Deploy Helm charts with the agent for Kubernetes
• Improvements to the stable Terraform template to avoid breaking changes
• Automatic disabling of failing webhooks
• GitLab chart improvements
• Move group push rules to Settings > Repository
• New App Home for GitLab Slack application
• Omnibus improvements
• Support for threaded messages in Google Chat
• Shimo as a wiki alternative
• Unified navigational elements in the top bar
• Bug fixes

---

GitLab 15.3 release (2022-Aug-22)

GitLab 15.3 release involves 63 improvements, most importantly tasks in issues, free GitOps features, SAML group link API maintenance and advanced password complexity requirements.

Key improvements:

1. Create tasks in issues

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – Users are now able to create tasks within issues from the Child Items widget. Subsequently, this allows  users directly open task within the issue to quickly update the title, set the weight, or add a description.

2. Free GitOps features

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – GitLab agent for Kubernetes that has been supporting GitOps workflows since its first release. Now, GitLab had made it functionality -pull-based deployment support available in every GitLab tier.

3. Submit merge request review with summary comment

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – This release lets you perform common tasks quicker and easier,  for example submitting review can be done by adding a summary comment along with any quick actions like /approve.

4. Add approval rules for all protected branches

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities  – This release allows users to create an MR approval rule and apply it to only protected branches in their project. With this improvement, users can more selectively apply compliance controls with enhanced granularity.

Additionally, create MR approval rules for protected branches let users ensure that the sensitive branches you depend on will be applied with proper workflows applied and at the same time not slowing down development on other branches that do not need the same level of control.

5. UI for custom HTTP headers on streaming audit events

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate.

Capabilities  – In this release, users can directly remove custom HTTP headers for streaming audit events in the GitLab user interface.

6. Define password complexity requirements

Availability – in self-managed GitLab Premium and Ultimate

Capabilities – In addition to the ability to set minimum password length, GitLab administrators can now define password complexity requirements which includes:

• Numbers.
• Uppercase letters.
• Lowercase letters.
• Symbols.

7. DORA custom reporting for data-driven software development improvements

GitLab 15.2 release (2022-Jul-22)

GitLab 15.2 is packed with more than 40 improvement in its release. Some of the highlights are Live preview diagrams in the wiki WYSIWYG editor, Incident timelines, Group and subgroup scan execution policies and Change failure rate chart for visualizing software stability.

Key improvements:

1. Live preview diagrams in the wiki WYSIWYG editor

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – In GitLab 15.2, wiki’s WYSIWYG editor is included with live rendered preview of your diagram. This allow detect the diagram type and display a preview icon during diagram writing.

2. Merge request reports redesign

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities -In this release, the report widgets completely follow design guidelines for layout, hierarchy, and content sections. These improvements make them more consistent, scannable, and utilitarian thus you can find actionable information in each report easily.

3. Enforce IP address restrictions for Git over SSH

Availability – in SaaS GitLab Premium and Ultimate

Capabilities – GitLab 15.2 SaaS Premium and Ultimate are now with SSH that support limiting access to requests from a trusted set of IP addresses.

4. Change failure rate chart for visualizing software stability

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Capabilities – This new releases is included with new trend chart for the DORA Change failure rate metric which display percentage of deployments that cause an incident in a production environment. With this addition, now GitLab added the  fourth DORA chart available that give insights into value stream velocity and reliability trends.

5. Group and subgroup scan execution policies

Availability – in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Capabilities – This release enable security and compliance teams to apply policies uniformly to all projects by scanning execution policies at the group and subgroup level. This feature is especially helpful to organisations with large numbers of projects.

Get started by asking  your group owner to link a security policy project to your group on the Security & Compliance > Policies page.

6.  Incident timeline

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – Incident timeline feature provided in this release will help make information capture during an incident, or post incident, easy and efficient. This incident timeline allows you to manually add new timeline events, delete a timeline event, and view the incident timeline in a dedicated tab within an incident issue.

7. Set the image pull policy in pipeline configuration

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities – This release allows you to pull policies at the pipeline level which previously only applicable at runner level. You can also choose or select different pull policies for how a GitLab Runner downloads Docker images in CI/CD jobs.

Other improvements:

• Audit events for group-level merge request settings
• Audit events when two-factor authentication is disabled
• Disable user 2FA using API
• Streaming audit events for Git operations
• Custom HTTP headers for streaming audit events
• Streaming audit events for project forks
• Improvements to users’ contribution calendar for private contributions
• Improved and faster file browsing as well as  syntax highlighting
• Streaming audit events for merge request creation
• Filter jobs by status on the jobs page
• Verification token displayed in UI
• Predefined CI/CD variable for project description
• Persist last used Wiki editor
• Faster Secret Detection
• GitLab Runner 15.2
• Programmatically delete duplicate package assets
• Static Analysis analyzer updates
• License compliance support for Gradle implementation directive
• Edit protected environment approvals in project settings
• Fetch secrets based on deployment tier
• Group-level UI for protected environment settings
• API to retrieve agent server (KAS) metadata
• Updated cluster version support, including Kubernetes 1.23 and 1.24
• Enforce per-plan webhook rate limits
• Omnibus improvements
• Geo supports BuildKit cache images
• GitLab chart improvements
• Bug fixes
• Performance improvements
• Usability improvements

---

GitLab 15.1 release (2022-Jun-22)

GitLab 15.1 carries more than 30 improvements upon its release. Among the significant improvements are SAML Group Sync, SLSA level 2 build artifact attestation, links to included CI/CD configuration and enhanced visibility into value stream with DORA metrics.

Key improvements:

1. Compliance report for individual violation reporting

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities
Users can now map a group into their identity provider to a self-managed GitLab group through SAML group links which was previously a privilege features for Gitlab.com. This feature reduces workload for GitLab administrator and allows easier onboarding, the reducing members’ onboarding time.

2. Increased visibility into Value Stream with DORA metrics

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities
With the four DORA metrics tiles being added to the Value Stream Analytics dashboard, GitLab 15 users are given the ability to track team performance and value flow from ideation to customer delivery.

Furthermore, the new trend chart for the DORA Time to restore service metric to give insights into software stability and reliability trends.  This improvement offers information on the time taken by organisation to recover from production failure.

3. SLSA level 2 build artifact attestation

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities
SLSA which stands for Supply-chain Levels for Software Artifacts refers to a security framework to ensure the security and integrity of users’ software supply chain. In this recent release, GitLab Runner, is capable in generating and producing SLSA-2 compliant attestation metadata for build artifacts by default.

The new attestation in GitLab 15 allows users to verify whether the build artifacts have not been altered more easily. The only step needed is to set RUNNER_GENERATE_ARTIFACTS_METADATA = "true" in the .gitlab-ci.yml file.

4. Link to included CI/CD configuration from the pipeline editor

Availability – in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Capabilities

GitLab 15 is added with links to all included configuration files and templates to the pipeline editor, enabling the users to easily manage large and complex pipelines as they can access and view all the CI/CD configuration used in the pipeline.

Other improvements:

API includes additional detail about who added members

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Improved insights discovery in Value Stream Analytics

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Retrieve PAT by ID using API

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

GitLab.com sign-in for GitLab Workflow for VS Code

• Available in SaaS GitLab Premium and Ultimate

GitLab Runner 15.1

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

View shared runner usage per project in a group

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

FIPS-enabled Red Hat UBI Dependency Scanning image

• Available in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Static Analysis analyzer updates

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Create annotated Tags with the GraphQL Release API

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Deploy keys by user API

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Agent server for Kubernetes enabled by default in the Helm chart

• Available in self-managed GitLab Premium and Ultimate

More kubectl calls for the agent CI/CD workflow

• Available in self-managed GitLab Premium and Ultimate

Geo improves observability with links to replication views

• Available in self-managed GitLab Premium and Ultimate

Geo supports OCI container images

• Available in self-managed GitLab Premium and Ultimate

Omnibus improvements

• Available in self-managed GitLab Premium and Ultimate

Improved SAML Group Link robustness on GitLab.com

• Available in SaaS GitLab Premium and Ultimate

Prevent users from using known insecure public keys

• Available in SaaS GitLab Premium and Ultimate

Block Git access protocols at group level

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Rendered images in Python notebook MRs

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Retry a downstream pipeline from the pipeline graph

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

View your runners’ upgrade status

• Available in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Optionally ignore scanning NPM development dependencies

• Available in SaaS GitLab Ultimate and self-managed GitLab Ultimate

Allow CI_JOB_TOKEN authentication for Release Links API

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Create annotated tags with the Releases API

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Force stop an environment option

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

GitLab agent for Kubernetes supports proxied connections

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Container Scanning analyzer updates

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Geo proxying support for site-specific URLs

• Available in SaaS GitLab Premium and Ultimate and self-managed GitLab Premium and Ultimate

Native Geo support for Object Storage replication is Generally Available

• Available in self-managed GitLab Premium and Ultimate

Bug fixes