Rule mode for scan result policies
With the JiHu GitLab 14.9 release, users can now use rule mode to design and edit scan result policies without needing to edit the policy’s YAML directly. This new UI editor makes it easier for users who want to create and manage MR approval rules that are triggered when a given threshold of vulnerabilities is detected in the MR.
To get started with this new rule mode, navigate to Security & Compliance > Policies and create a new Scan Result policy.
Deployment Approval on the Environments page
We are excited to introduce the Deployment Approval capability in the JiHu GitLab interface. In JiHu GitLab 14.8, we introduced the ability to approve deployments via the API. Now, deployment approvers can view a pending deployment and approve or reject it directly on the Environments page. This update continues our work to enable teams to create workflows for approving software to go to production or other protected environments. With this update, we are now upgrading the feature to beta.
New design for the Environments Page
Previously, the Environments page enabled you to operate and understand deployments, but the design hid some important information and was difficult to read. In JiHu GitLab 14.9, we made a comprehensive update to the page so that you can answer key questions about your environments and deployments. Now, you can easily see the status of the latest deployment, the status for various environments, and which commits have been deployed.
Project Level Time to restore service API
In this release, we added API support for Time to Restore Service. This is the 3rd of the 4 DORA metrics. This data helps teams continuously improve their stability metrics.
Integrated security training
JiHu GitLab provides a comprehensive set of security scanning tools that can identify all manner of security issues. Scanner findings are presented in merge requests, pipelines, and in a dedicated Vulnerability Report. When available, a recommended solution is given. However, this is not possible for all findings. Presenting security findings without guidance on how to fix identified problems or explaining the problem’s potential impact can be challenging for anyone not familiar with the specific security issue identified. This increases the time and friction involved in assessing and ultimately fixing security issues — especially in developer workflows.
We’re pleased to announce the launch of our new integrated security training functionality. Two new partners are providing the training content. JiHu GitLab is already where many developers are working, so we designed a solution to provide context-aware security training options from inside the JiHu GitLab experience.
Simply enable security training for your projects, select your preferred content sources, and view the results from a security scan. In the vulnerability finding, you’ll find a direct link to the security training that most closely matches the particular security issue, and the specific language or framework in which it was detected. Now developers can spend a few quick minutes reviewing targeted, context-relevant training to address security issues as part of their normal development workflow.