GitLab 14.8 adds security approval policies, extends SSH support

Newly arrived GitLab 14.8 updates the software delivery platform with hardware-backed authentication and security approval policies.Announced February 22, GitLab 14.8 has new SSH key types supporting OpenSSH 8.2, with backing for FIDO/U2F hardware authenticators with ecdsa-sk and ed25519-sk key types. With this support, users can leverage hardware-backed SSH authentication. [ Also on InfoWorld: 6 Git mistakes you will make — and how to fix them ] GitLab also now supports flexible security approvals as the replacement for the deprecated Vulnerability-Check feature. These approvals are similar to Vulnerability-Check in that both can contain approvals for merge requests containing security vulnerabilities. But they introduce a number of new capabilities. Users can choose who can edit approval rules. Multiple rules can be created and chained together, allowing for filtering on severity thresholds for each scanner type. A single set of security policies can be applied to multiple development projects. And a two-step approval process can be enforced for desired changes to approval rules.To read this article in full, please click here

Nov 30, -0001 - 00:00
 0
GitLab 14.8 adds security approval policies, extends SSH support
Techatty All-in-1 Publishing
Techatty All-in-1 Publishing

Newly arrived GitLab 14.8 updates the software delivery platform with hardware-backed authentication and security approval policies.

Announced February 22, GitLab 14.8 has new SSH key types supporting OpenSSH 8.2, with backing for FIDO/U2F hardware authenticators with ecdsa-sk and ed25519-sk key types. With this support, users can leverage hardware-backed SSH authentication.

GitLab also now supports flexible security approvals as the replacement for the deprecated Vulnerability-Check feature. These approvals are similar to Vulnerability-Check in that both can contain approvals for merge requests containing security vulnerabilities. But they introduce a number of new capabilities. Users can choose who can edit approval rules. Multiple rules can be created and chained together, allowing for filtering on severity thresholds for each scanner type. A single set of security policies can be applied to multiple development projects. And a two-step approval process can be enforced for desired changes to approval rules.

To read this article in full, please click here

Talk to Techatty
Talk to Techatty
Techatty Connecting the world of tech differently! Read. Write. Learn. Thrive. Make an informed decision without distractions. We are building tech media and publication networks to connect YOU and everyone to reliable information, opportunities, and resources to achieve greater success.