GitLab 14.8 adds security approval policies, extends SSH support
Newly arrived GitLab 14.8 updates the software delivery platform with hardware-backed authentication and security approval policies.
Announced February 22, GitLab 14.8 supports the new SSH key types introduced in OpenSSH 8.2, ecdsa-sk and ed25519-sk, which are backed by FIDO/U2F hardware authenticators. With this support, users can use hardware-backed SSH authentication.
GitLab also now supports flexible security approvals as the replacement for the deprecated Vulnerability-Check feature. These approvals are similar to Vulnerability-Check in that both can require approvals for merge requests containing security vulnerabilities, but they introduce a number of new capabilities. Users can choose who can edit approval rules. Multiple rules can be created and chained together, allowing for filtering on severity thresholds for each scanner type. A single set of security policies can be applied to multiple development projects. And a two-step approval process can be enforced for desired changes to approval rules.