GitLab’s 2022 Global DevSecOps Survey found that security was organisations' highest priority investment area.
FREMONT, CA: GitLab, the One DevOps Platform maker, proposed updates to its security and governance solution at KubeCon + CloudNativeCon North America. With these updates, organisations can safeguard their software supply chain and incorporate security and compliance into the software development lifecycle (SDLC).
According to GitLab's 2022 Global DevSecOps Survey, 57 per cent of security experts said their organisations have already shifted security left or plan to do so this year. Security was also identified as the top-priority investment area for organisations. To meet these expanding security needs, GitLab is improving its Security and Governance solution to deliver a world-class supply chain security experience and to provide visibility into, and management of, security findings and compliance requirements.
In response to organisations' growing regulatory and compliance needs, GitLab has increased its focus on governance, helping teams identify risks by offering visibility into their projects' dependencies, security findings, and user actions. This comprises tools for managing security policies, compliance, audit events, and vulnerabilities, along with forthcoming dependency management tools that will help developers keep track of vulnerable dependencies found in their applications.
These governance capabilities can assist organisations in achieving continuous security and compliance with their software supply chain without sacrificing speed and agility. They work with a comprehensive set of security testing capabilities, including static application security testing (SAST), secret detection, dynamic application security testing (DAST), API security, fuzz testing, dependency scanning, licence compliance, and container scanning.
Organisations must be excellent at creating, running, and securing software to remain competitive and drive digital transformation. According to David DeSanto, vice president of product at GitLab, security must be integrated into all phases of the software development life cycle rather than being considered an afterthought.
With these improved security and governance features, GitLab is a comprehensive DevSecOps solution for safeguarding an organisation's software supply chain. The software supply chain consists of the internal and external dependencies used to build contemporary software. To secure the supply chain effectively, companies need to put tools in place that secure internal code and find the vulnerabilities that external components might introduce.
An organisation's software supply chain can be difficult to secure because it has so many moving parts. An automated system of checks and balances must be put in place to ensure that code is delivered effectively and safely throughout the development lifecycle. By reducing handoffs and increasing transparency around ownership and access, a DevSecOps platform implementation can help, to some extent, with end-to-end security.
GitLab's SBOM support, released earlier this year, assists businesses in generating SBOMs, automatically scanning components for vulnerabilities, and providing advice on how to fix those vulnerabilities within the developer's normal workflow. Ingest SBOM Report is a forthcoming feature. By parsing and ingesting existing SBOM data from third parties, aggregating that data for ease of use, and supporting secure developer processes, this feature is expected to help GitLab create SBOMs more effectively.
A future feature will allow GitLab to cryptographically sign both the build artefact and its attestation file, so that the build artefact's validity can be verified and it can be shown that neither was altered after generation.