Streaming audit events
You can now stream audit events to a destination of your choosing! This is a great way to correlate JiHu GitLab audit events with other data streams you have, maintain a backup of audit events, or build out your own automation to take action when a specific audit event happens.
You can specify an HTTPS endpoint with our new GraphQL API and events are sent to it as webhooks. These messages contain the same information as the Audit Events UI about what type of change happened, when it happened, who was involved, as well as some additional metadata.
After you receive those messages, you can filter based on person, type, or inject that data into another third-party tool. This is a great way to trigger any custom automation you have built if, for example, a new user is created or a key setting is changed. We’re excited to see what you use streaming audit events for and would love to hear from you about it! Let us know by commenting on the epic.
JiHu GitLab Runner compliant with FIPS 140-2
For some JiHu GitLab customers, U.S. government regulatory requirements require the use of FIPS (Federal Information Processing Standards) compliant software. The FIPS 140-2 and FIPS 140-3 publications define the security requirements for cryptographic modules used in computer and telecommunication systems, and within cyber systems that protect sensitive information. JiHu GitLab Runner is now FIPS 140-2 compliant for AMD64 compute architectures and Red Hat Enterprise Linux (RHEL) distributions. Refer to this epic to follow the discussions about making JiHu GitLab FIPS compliant.
Group access tokens
With group access tokens, you can use a single token to perform actions for groups, manage the projects within the group, and, in JiHu GitLab 14.2 and later, authenticate with Git over HTTPS.
Previously, group access tokens were limited to self-managed instances only, and could only be generated using the Rails console. Now, you can create group access tokens using the UI and API. You can define token name, expiration date, and scope. You can also revoke an existing group access token.