Version management: GitLab 15.7 brings CLI and browser-based security tests

Shortly before Christmas, the creators behind GitLab presented Release 15.7 of their software to the public. It brings a new version of the command line, general availability of browser-based DAST (Dynamic Application Security Testing), support for GitOps deployments outside of the standard branch, and a whole host of other improvements.

GitLab 15.6, which among other things brought special character support in CI/CD variables, was only released in November. In a current blog entry on the December release, the GitLab team now emphasizes that the command line is one of the most important tools in a software engineer's toolbox and presents the new CLI. It allows developers to customize their command line with styles and also extend it through applications to make tasks easier to perform.



The glab open-source project now forms the basis for GitLab 15.7’s native CLI.

(Image: GitLab)

To that end, the open source project glab now forms the basis of GitLab's native CLI. GitLab's command-line interface should be able to work with Git and developers' code without them having to switch applications or tabs. In another blog post, interested parties can learn more about the acquisition of glab, read about the partnership with 1Password, and find out how they can contribute to the project. The improvements and extensions of the CLI are available both in the free variant of GitLab and in the commercial versions Premium and Ultimate. This applies to the SaaS and also to the self-managed versions of the software.

After the proprietary browser-based DAST analyzer had been available in beta since GitLab 13.2, the development team has now released it for general availability in GitLab 15.7. Developed entirely in-house, the new analyzer uses a browser to authenticate, crawl, and scan web applications for vulnerabilities. Traditional DAST analyzers use a proxy-based approach to intercept requests and analyze them for vulnerabilities.

With the browser-based approach, GitLab's developers are now able to run JavaScript directly in the browser like a user would, ensuring the entire application is scanned for vulnerabilities. The new analyzer aims to cover more pages of an application and reduce the number of false alarms reported.

For now, the team will not switch the default analyzer used in the DAST.gitlab-ci.yml template to the browser-based analyzer, so that users can make the switch manually and test it themselves. However, they plan to use the analyzer as the default for all DAST scans "sometime in the future". DAST is only available in the Self-Managed Ultimate version of the software.

The GitLab team can also announce the availability of the Web IDE beta version with this last release of 2022.



With version 15.7, GitLab also offers a first look at the new web editor based on Visual Studio Code.

(Image: GitLab)

It’s a web editor based on Visual Studio Code that offers new features, a more flexible and familiar user interface, and the ability to connect directly to a remote development environment. In conjunction with a cloud runtime environment, the web IDE beta is intended to enable more advanced real-time development workflows.

In self-managed instances, access to this editor is only possible if a feature flag that is disabled by default in GitLab 15.7 is activated. A detailed blog entry on the new editor is also available, which deals with the possibilities of the tool. Further information on details and innovations in GitLab 15.7 can be found in an extensive blog entry. The new CLI and Web IDE are open to all users, while the browser-based advanced DAST analyzer is only included in the Ultimate variant for data center installation.


(fms)
