GitLab expands its DevOps platform with new observability and security tools

GitLab, the popular open source DevOps service, today announced version 15 of its platform. As usual, GitLab is basically announcing its roadmap for the entirety of the GitLab 15 release cycle here, with all of the new features rolling out over the course of the next year or so. The company says it will focus on observability, security, enterprise planning and workflow automation.

One of the first new features GitLab plans to launch is based on its acquisition of Opstrace last December.

“We’re going to continue to integrate not just an observability platform — available by default for developers to store their observability data and easily instrument their apps — but bring really great experiences that no other DevOps platform can create by showcasing that information in the right context for developers,” Kenny Johnston, product leader at GitLab, told me during an interview at last week’s KubeCon Europe event. “Think about things like developers writing code and being aware of recent incidents or errors related to that specific part of the code.”

Image Credits: GitLab

But in addition to giving developers more context around how their code performs (or fails), the new release will also give teams more insights into their overall DevOps process. Since teams are doing all of their DevOps work on GitLab, the service can provide metrics like time to merge, change failure rates or deployment frequency. GitLab is now expanding its support for all DevOps Research and Assessment (DORA4) metrics. “What we’re realizing is that it’s not just one number,” Johnston said. “It’s also important how you slice that number, so you need that number by an individual team, for example. [ … ] You can get a kind of team-based score for each one of those [teams] and then organizations can say: What’s that team doing that these other teams should be doing?”

On the security side, GitLab is adding new software supply chain security features in this cycle (no surprise there, given that it’s maybe the hottest topic in security right now). Teams will soon be able to automatically generate a Software Bill of Materials with a signed attestation for build artifacts, for example. Security teams will also be able to set group-level security policies soon, and the company is adding next-gen security testing tools to its scanners.

Also new in this release are additional features in GitLab’s planning tools to provide teams with more flexibility as to which frameworks they want to use, as well as a few quality-of-life changes like the addition of saves views and queries. GitLab 15 will also get the ability to automatically select code reviewers and the next workflow steps.

More importantly, though, GitLab is also launching new tools to make it easier for developers and the data science teams that are building ML models to work together. “We’re seeing this very common pattern of a mix between application, software data and models — and the DevOps process for that is that we write new code that’s going to take advantage of this new model. But we have a really hard time ensuring that the changes we’re making in the model and the code are combined together because the model is in a different application than where the code is.”