
GitLab has announced numerous new security and compliance features and enhancements to its platform that are intended to secure the software supply chain.
The new capabilities include security policy management, compliance management, event auditing, and vulnerability management.
A dependency management capability to help developers track vulnerabilities in dependencies they are using will be available at a later date. Organizations will be able to automatically scan for vulnerabilities in source code, containers, dependencies, and applications in production.
The platform will be able to track changes and implement controls to define what goes into production, helping organizations ensure that they are adhering to license compliance and regulatory frameworks.
These enhancements are designed to provide developers with tools to proactively scan for vulnerabilities and implement controls to secure applications. Developers also have access to actionable and relevant secure coding guidance within the GitLab platform.
GitLab promises upcoming features, such as a mechanism to parse and ingest existing software bill of materials (SBOM) data from third parties in order to create a comprehensive SBOM for the project, as well as the ability to cryptographically sign both the build artifact and the attestation file to prove that builds have not been altered.
Another upcoming feature will allow GitLab administrators and group owners to create new customized roles with granular permissions to help security teams align role-based access control with the organization’s policies.