Register and login with DingTalk
Jihu GitLab 14.5 supports the configuration of using DingTalk account to register. In China, many companies that use DingTalk say it is a very convenient way to login into JiHu GitLab with DingTalk.
For the account that already created can also be bound DingTalk through “User Settings - Account - Social sign-in”.
Introducing Infrastructure as Code (IaC) security scanning
With JiHu GitLab 14.5 we’re introducing security scanning for Infrastructure as Code (IaC) configuration files. Like all our SAST scanners, we’ve chosen to make this capability available for all customers for free to encourage secure coding practices with the rise of IaC. The initial version of this IaC security scanner supports configuration files for Terraform, Ansible, AWS CloudFormation, and Kubernetes and is based on the open-source Keeping Infrastructure as Code Secure (KICS) project. This new IaC scanning capability joins our existing Kubernetes manifest SAST scanner.
If you’re familiar with JiHu GitLab SAST, JiHu GitLab’s IaC scanning works exactly the same and supports the same features including a standalone IaC scanning CI configuration file, UI based enablement tool on the Security Configuration Page and support for all our Ultimate tier Vulnerability Management features including Security Dashboards and Merge Request widget. With this new IaC scanning template, we’ve also made it easy to extend our IaC scanning with additional scanners and welcome community contributions using our secure scanner integration framework.
Fine grained permissions control with the CI/CD tunnel
Keeping your clusters’ access safe is paramount for most companies. The CI/CD Tunnel for the JiHu GitLab Kubernetes Agent enables secure access to the cluster from within JiHu GitLab CI/CD. Until now, the Tunnel inherited all the permissions of the service account of the installed agent in the cluster. Many users need stricter permission controls, preferably at the user or job level.
In JiHu GitLab 14.5, we are pleased to release a generic access impersonation and a CI/CD job impersonation. These impersonations can be specified in the Agent configuration file, and the impersonated account permissions can be managed using Kubernetes RBAC rules.
JiHu GitLab Kubernetes Agent available in JiHu GitLab Free
Connecting a Kubernetes cluster with the JiHu GitLab Kubernetes Agent simplifies the setup for cluster applications and enables secure GitOps deployments to the cluster. Initially, the JiHu GitLab Kubernetes Agent was available only for Premium users. In our commitment to the open source ethos, we moved the core features of the JiHu GitLab Kubernetes Agent and the CI/CD Tunnel to JiHu GitLab Free. We expect that the open-sourced features are compelling to many users without dedicated infrastructure teams and strong requirements around cluster management. Advanced features remain available as part of the JiHu GitLab Premium offering.
Cleaner diffs for Jupyter Notebook files
Jupyter notebooks are key to data scientists’ and machine learning engineers’ workflows, but the file structure makes code review challenging. Often, the files can’t be reviewed properly, and users are forced to accept those changes or treat their repositories as stores of data versus collaborative projects.
Now JiHu GitLab automatically strips out the noise and displays a cleaner version of the diff for these files. Human-readable diffs make it easier to review the substance of the change, without worrying about the formatting pieces that Jupyter Notebooks need.
Geo provides a single command to promote a secondary node
When performing a failover, systems administrators use different tools depending on the underlying architecture. On a single-node Geo site, administrators can use the gitlab-ctl promote-to-primary-node command. However, multi-node sites did not support this command and required manual editing of configuration. This was cumbersome for large environments because it required updating dozens of configuration files.
Now, administrators can use gitlab-ctl geo promote on any node of a Geo secondary site to promote it to a primary. In a disaster recovery scenario or planned failover, this saves precious time and reduces potential errors when promoting a secondary site to a primary. This command also makes it easier to script the failover process.
As of JiHu GitLab 14.5, the commands gitlab-ctl promote-to-primary-node and gitlab-ctl promote-db are deprecated and will be removed in JiHu GitLab 15.0.
Explore project topics tab
In this release, we’ve added a new Explore topics tab in Projects.
- Topics are sorted by popularity (the number of projects with this topic).
- Topics can be searched by name and are then sorted by similarity and by popularity.
When you select a topic, you can view its description and avatar, and all of its corresponding projects.
Topic management in the Admin Area
In this release, we’ve introduced several features for administrators to manage project topics in the Admin Area:
- Add and edit project topics.
- Search topics based on any string.
- Add avatars and descriptions to topics (supports Markdown).
Group-level settings for merge request approvals
You can now define and enforce values for merge request approval settings at the group level. These values cascade and are used by any projects within the group.
Group-level merge request approvals make it easy for organizations to ensure proper separation of duties across all teams. You only have to specify settings in a single location now, rather than needing to update and monitor every project. When set at the group level, you:
- Can be confident that projects will use consistent separation of duties workflows.
- Do not need to manually check that every project has not had its settings modified.
Add personal README to profile
You can now add a README section to your JiHu GitLab profile! This is a great way to tell others about, your interests, how you work, or anything else you want!
To add a README section, create a new public project with the same name as your user account and add a new README file. The contents of that file are automatically shown on your JiHu GitLab profile.
Fine-tune vulnerability check rules
When defining vulnerability check rules, users need a high degree of granularity so they can tailor the rules to only trigger MR approval when it is required per their organization’s security policies. JiHu GitLab now supports more granular vulnerability check rules. Users can now define which scanners, severity levels, and vulnerability types are considered when triggering a rule. Additionally, users can set a minimum threshold for the number of vulnerabilities that must meet the criteria before the MR requires approval. By only requiring vulnerability check approvals on MRs that truly need it, this increased granularity allows teams to free up developers and security teams. You can configure these granular vulnerability checks by navigating to the Settings > General > Merge request approvals page in your project.
Additional Secret Detection pattern support
We’ve updated the JiHu GitLab Secret Detection scanner to detect 47 new ‘well-identifiable’ secret patterns for widely used applications. This brings the JiHu GitLab Secret Detection detection up to over 90 detectable patterns.
