GitLab update addresses pipeline execution vulnerability

GitLab has released critical security updates to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to run pipeline jobs as arbitrary users.

The company strongly recommends all GitLab installations be upgraded immediately to the latest versions: 17.1.2, 17.0.4, or 16.11.6 for both Community Edition (CE) and Enterprise Edition (EE).

The most critical vulnerability (CVE-2024-6385) affects GitLab versions 15.8 to 17.1.1. With a CVSS...

11 July 2024 | Developer

GitLab’s DevSecOps report highlights AI challenges

GitLab's 8th annual Global DevSecOps Report has unveiled a complex landscape of software development, highlighting disparities between executive perceptions and developer realities. The survey, conducted in April 2024, gathered insights from over 5,300 professionals across the software development spectrum.

While 69% of CxOs report shipping software at least twice as fast as last year, AI adoption remains low, with only 26% of respondents implementing AI in their workflows. This...

28 June 2024 | Approaches

Fortifying app security with the help of Terraform

A staple of DevOps tech stacks, Terraform is an Infrastructure-as-Code (IaC) provisioning and management tool developed by HashiCorp. While Terraform itself is rarely associated with app security and is not directly related to the safety and cyber protection of applications, using it correctly is pivotal in the implementation of security best practices. 

As DevOps continues to morph into DevSecOps, and as supply chain attacks continue to breach enterprise systems,...

18 April 2024 | Cloud

David DeSanto, GitLab: AI’s impact on software development in 2024

David DeSanto, Chief Product Officer at GitLab, foresees a paradigm shift in the realm of software development in 2024—with AI taking centre stage.

GitLab's 2023 Global DevSecOps Report serves as the foundation for these predictions, offering a glimpse into the future landscape of organisations' software development toolchains.

AI bias: A hurdle on the path to progress

In the short term, the accelerated integration of AI tools may present a formidable challenge: an...

7 December 2023 | Approaches

Salt launches STEP program to enhance API security for enterprises

Salt Security has launched an initiative to help enterprises significantly reduce risk across their API ecosystem.

The STEP (Salt Technical Ecosystem Partner) program encompasses the integration of AI-driven API security insights into existing workflows and tools within organisations. This integration empowers joint customers to bolster their security posture using the Salt Security API Protection Platform.

Salt has introduced STEP’s inaugural partners, focusing on API...

23 August 2023 | API

A new IT fabric for speed, diversity, and security

Perspectives on the days, months and years ahead in the new technology fabric driving people, organisations and society at large. Written by Patrick Jean, CTO, OutSystems and Miguel Lopes, VP Platform Strategy at OutSystems.

Technology changes all the time. That’s part of the core dynamism that drives so many of us to embrace its ability to innovate around, through and between many of the challenges of modern life.

As we look forward to the major change factors that...

7 February 2022 | Approaches

Boris Cipot, Synopsys Software Integrity: On the cybersecurity landscape and countering threats

Following a year of high-profile cyberattacks, developers are understandably concerned their software could be the next to be compromised.

Developer caught up with Boris Cipot, Senior Sales Engineer at Synopsys Software Integrity, to discuss the cybersecurity landscape and how developers can secure their software.

Cipot came to Synopsys following the company’s acquisition of Black Duck Software. Prior to those companies, Cipot held senior roles at anti-malware...

13 August 2021 | DevOps

2021 State of DevOps report highlights factors that lead to success

Puppet’s latest State of DevOps report arrives ten years after the first edition and highlights that successful DevOps is dependent on a number of factors.

The first State of DevOps report was released when DevOps was only discussed by some cutting-edge decision-makers. A decade on, 83 percent now report their organisations are implementing DevOps practices.

Michael Stahnke, VP of Platform at CircleCI, said:

“In ten years, we've gone from hype to practice...

20 July 2021 | DevOps

At DevSecCon24, find out how to build a Security Champions programme to scale your team

Next week, we’re looking forward to bringing together the amazing speakers, attendees and sponsors of DevSecCon24 to discuss, debate and understand how a Security Champions programme can work. As Snyk’s Field CTO, I’ll be leading a panel with stellar DevSecOps leaders from Twilio, Atlassian and Pearson to delve into how to get started, the challenges and the fine-tuning. Here’s a taster of where the discussion might lead.

The concept of a Security Champions...

16 June 2021 | Hacking & Security

GitLab: 2020 was a ‘catalyst for DevOps maturation’

GitLab’s fifth annual DevSecOps survey reveals that last year was pivotal for the maturation of DevOps.

The only silver lining from the disaster of a year that was 2020 is that it helped to highlight inefficiencies with legacy processes and technologies. As the world looks to "build back better" from the pandemic, the work of DevOps teams should provide some inspiration.

Eric Johnson, CTO at GitLab, said:

“This year’s Global DevSecOps Survey shows that...

5 May 2021 | Approaches