Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News GitLab 15 Improves Editing, Metrics, Container Scanning, Security and More

GitLab 15 Improves Editing, Metrics, Container Scanning, Security and More

With the recent release of GitLab version 15.2, open-core company GitLab Inc. has announced a series of improvements, including an enhanced Wiki editor, adding SAML integration for enterprises, improving dashboards, and adding internal notes. From a security perspective, basic container scanning is improved, and developers have new abilities to ensure upstream dependencies have not been tampered with.

GitLab 15.0 was released in May and was incrementally improved in June with version 15.1.  July's release of 15.2 brings further improvements and fixes. The highlights of these three releases are:

  • Many improvements have been made to the editor for the Wiki, such as adding links, media, and code blocks with syntax highlighting for over 100 languages. Editing diagrams is much easier with a live preview available. Thanks to a new popover menu, links and media are now easier to work with. Wikis can now also be set up for groups, allowing documentation to span multiple projects.
  • For organizations using a self-managed GitLab installation rather than the SaaS offering at, group memberships can now be mapped to a group in their identity provider using SAML (Security Assertion Markup Language). This removes the need to duplicate group memberships between the identity provider and GitLab for self-managed installations.
  • The Value Stream Analytics dashboard now includes the four key DORA metrics, and a trend chart for the Time to Restore Service and Change Failure Rate metrics, allowing users to see team performance and the value flow of the organization.
  • GitLab can now generate SLSA (Supply-chain Levels for Software Artifacts) attestations to store in a registry, helping developers verify that artifacts have not been tampered with.
  • Issue planning for agile teams using regular iteration cadences becomes easier, as GitLab now allows admins to set up iterations on regular cadences (for example, bi-weekly), and it's now possible to have unfinished issues roll over automatically from one cadence to the next.
  • Internal notes are new in GitLab 15. These allow organisations with publically-facing issues and epics to use notes internally within the team which is not seen by the public. This can help protect confidential or personal data relevant to the issue that might otherwise be exposed.
  • Basic container scanning is now available in all tiers, allowing all developers to find basic vulnerabilities.
  • Scan execution policies can also now be implemented at group and subgroup levels, allowing security teams to apply policy consistently.
  • The Advanced Search functionality is now compatible with OpenSearch - removing the need for admins using AWS-managed service to use older versions of Elasticsearch.
  • Nested CI/CD variables can now be used with environments - enabling organisations to remove duplication and hierarchically organise variables.
  • This nesting can cause complex CI/CD configurations with nested includes to be hard to debug and manage, so GitLab now incorporates easy links to all included configuration files and templates.
  • Users can now manage customer contacts and organizations within GitLab as part of a nascent customer relations management (CRM) feature.
  • Incident timelines can now be created, allowing organizations to log and report on problems that occur without leaving the GitLab interface.

Those eager to upgrade should also consider that there are several breaking changes in version 15, which are detailed here. The full release announcements for 15.0, 15.1, and 15.2 are also available.

About the Author

Rate this Article