GitLab Seeks to Protect Software Supply Chains

CIOAdvisor Apac | Thursday, November 03, 2022

GitLab’s 2022 Global DevSecOps Survey found that security was organisations' highest priority investment area.

FREMONT, CA: GitLab, the One DevOps Platform maker, proposed updates to its security and governance solution at KubeCon + CloudNativeCon North America. With them, organisations can safeguard their software supply chain and incorporate security and compliance into the software development lifecycle (SDLC).

According to GitLab's 2022 Global DevSecOps Survey, 57 per cent of security experts said their organisations have already shifted security left or plan to this year. Security was also identified as the top priority investment area for organisations. GitLab is improving its Security and Governance solution to give a world-class supply chain security experience and provide visibility and management over security findings and compliance requirements to satisfy expanding security needs.

In response to organisations' growing regulatory and compliance needs, GitLab has increased its focus on governance, helping teams identify risks by offering visibility into their projects' dependencies, security findings, and user actions. This comprises tools for managing security policies, compliance, audit events, and vulnerabilities, as well as forthcoming tools for managing dependencies, which will assist developers in keeping track of vulnerable dependencies found in their applications.

These governance capabilities can assist organisations in achieving continuous security and compliance with their software supply chain without sacrificing speed and agility. They work with a comprehensive set of security testing capabilities, including static application security testing (SAST), secret detection, dynamic application security testing (DAST), API security, fuzz testing, dependency scanning, licence compliance, and container scanning.

Organisations must be excellent at creating, running, and securing software to remain competitive and drive digital transformation. According to David DeSanto, vice president of product at GitLab, security must be integrated into all phases of the software development life cycle rather than being considered an afterthought.

GitLab is a comprehensive DevSecOps solution that helps safeguard an organisation's software supply chain, with improved security and governance features. The software supply chain is made up of the internal and external dependencies used in creating contemporary software. To secure the supply chain effectively, companies need tools that secure internal code and find vulnerabilities that external components might introduce.

The software supply chain of an organisation can be difficult to secure since there are so many moving parts. An automated system of checks and balances must be put in place to ensure that code is distributed effectively and safely throughout the development lifecycle. By decreasing handoffs and enhancing transparency surrounding ownership and access, a DevSecOps Platform implementation can help to some extent with end-to-end security.

A GitLab capability released earlier this year assists businesses in generating SBOMs, automatically scanning components for vulnerabilities, and providing advice on how to fix those vulnerabilities within the developer's normal workflow. Ingest SBOM Report is a forthcoming feature. It is expected to help GitLab create SBOMs more effectively by parsing and ingesting existing SBOM data from third parties, aggregating it for ease of use and to support secure developer processes.

A future feature will allow GitLab to cryptographically sign both the build artefact and the attestation file, so that the build artefact's validity can be verified and it can be shown that neither file was altered after generation.

 
