Skip to content
Snippets Groups Projects
Commit 1cd66ba3 authored by Hanif Smith-Watson's avatar Hanif Smith-Watson
Browse files

Cleanse redirects.yml - 2

parent ceac4660
No related branches found
No related tags found
1 merge request!116774Cleanse redirects.yml - 2
Showing
with 40 additions and 143 deletions
......@@ -725,12 +725,6 @@
- sources: /job-families/marketing/online-growth-manager
target: /job-families/marketing/digital-marketing-programs-manager/
comp_op: ^~
- sources:
- /2019/06/04/gitlab-11-11-2-released/
- /2019/06/05/gitlab-11-11-2-released/
- /blog/2019/06/05/gitlab-11-11-2-released/
target: /releases/2019/06/05/gitlab-11-11-2-released/
comp_op: '~'
- sources: /handbook/marketing/marketing-sales-development/
target: /handbook/marketing/revenue-marketing/
comp_op: '~'
......@@ -1005,103 +999,6 @@
- /job-families/finance/revenue-manager/
target: /job-families/finance/revenue-accounting/
comp_op: '='
- sources: /blog/2019/01/03/gitlab-11-6-2-released/
target: /releases/2019/01/03/gitlab-11-6-2-released/
comp_op: '~'
- sources: /blog/2019/01/05/gitlab-11-6-3-released/
target: /releases/2019/01/05/gitlab-11-6-3-released/
comp_op: '~'
- sources: /blog/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
target: /releases/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
comp_op: '~'
- sources: /blog/2019/01/17/gitlab-11-6-5-released/
target: /releases/2019/01/17/gitlab-11-6-5-released/
comp_op: '~'
- sources: /blog/2019/01/22/gitlab-11-7-released/
target: /releases/2019/01/22/gitlab-11-7-released/
comp_op: '~'
- sources: /blog/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
target: /releases/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
comp_op: '~'
- sources: /blog/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
target: /releases/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
comp_op: '~'
- sources: /blog/2019/02/07/gitlab-11-7-5-released/
target: /releases/2019/02/07/gitlab-11-7-5-released/
comp_op: '~'
- sources: /blog/2019/02/22/gitlab-11-8-released/
target: /releases/2019/02/22/gitlab-11-8-released/
comp_op: '~'
- sources: /blog/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
target: /releases/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
comp_op: '~'
- sources: /blog/2019/03/14/gitlab-11-8-2-released/
target: /releases/2019/03/14/gitlab-11-8-2-released/
comp_op: '~'
- sources: /blog/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
target: /releases/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
comp_op: '~'
- sources: /blog/2019/03/22/gitlab-11-9-released/
target: /releases/2019/03/22/gitlab-11-9-released/
comp_op: '~'
- sources: /blog/2019/03/26/gitlab-11-9-1-released/
target: /releases/2019/03/26/gitlab-11-9-1-released/
comp_op: '~'
- sources: /blog/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
target: /releases/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
comp_op: '~'
- sources: /blog/2019/04/04/gitlab-11-9-6-released/
target: /releases/2019/04/04/gitlab-11-9-6-released/
comp_op: '~'
- sources: /blog/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
target: /releases/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
comp_op: '~'
- sources: /blog/2019/04/11/gitlab-11-9-8-released/
target: /releases/2019/04/11/gitlab-11-9-8-released/
comp_op: '~'
- sources: /blog/2019/04/22/gitlab-11-10-released/
target: /releases/2019/04/22/gitlab-11-10-released/
comp_op: '~'
- sources: /blog/2019/04/24/gitlab-11-5-11-released/
target: /releases/2019/04/24/gitlab-11-5-11-released/
comp_op: '~'
- sources: /blog/2019/04/24/gitlab-11-10-1-released/
target: /releases/2019/04/24/gitlab-11-10-1-released/
comp_op: '~'
- sources: /blog/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
target: /releases/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
comp_op: '~'
- sources: /blog/2019/04/30/security-release-gitlab-11-dot-10-dot-3-released/
target: /releases/2019/04/30/security-release-gitlab-11-dot-10-dot-3-released/
comp_op: '~'
- sources: /blog/2019/05/01/gitlab-11-10-4-released/
target: /releases/2019/05/01/gitlab-11-10-4-released/
comp_op: '~'
- sources: /blog/2019/05/22/gitlab-11-11-released/
target: /releases/2019/05/22/gitlab-11-11-released/
comp_op: '~'
- sources: /blog/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
target: /releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
comp_op: '~'
- sources: /blog/2019/06/05/gitlab-11-10-6-released/
target: /releases/2019/06/05/gitlab-11-10-6-released/
comp_op: '~'
- sources: /blog/2019/06/10/gitlab-11-11-3-released/
target: /releases/2019/06/10/gitlab-11-11-3-released/
comp_op: '~'
- sources: /blog/2019/06/22/gitlab-12-0-released/
target: /releases/2019/06/22/gitlab-12-0-released/
comp_op: '~'
- sources: /blog/2019/06/25/gitlab-12-0-1-released/
target: /releases/2019/06/25/gitlab-12-0-1-released/
comp_op: '~'
- sources: /blog/2019/06/26/gitlab-12-0-2-11-11-4-11-10-7-released/
target: /releases/2019/06/26/gitlab-12-0-2-11-11-4-11-10-7-released/
comp_op: '~'
- sources: /blog/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
target: /releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
comp_op: '~'
- sources: /blog/2019/07/22/gitlab-12-1-released/
target: /releases/2019/07/22/gitlab-12-1-released/
comp_op: '~'
......
......@@ -95,7 +95,7 @@ features:
Remediation should be a simple process to quickly fix vulnerabilities
in your code. It is important to make security patches easy, allowing developers
to focus on what they are supposed to do.
In GitLab 11.7, we provided a [remediation patch file](/blog/2019/01/22/gitlab-11-7-released/#remediate-vulnerability-with-patch-file),
In GitLab 11.7, we provided a [remediation patch file](/releases/2019/01/22/gitlab-11-7-released/#remediate-vulnerability-with-patch-file),
but users had to download it, apply it locally, and then push changes back to the remote repository.
 
GitLab 11.9 automates this flow. Now, remediation can be done without leaving
......@@ -137,7 +137,7 @@ features:
confidence it is totally compatible with your current GitLab instance.
 
That's why with GitLab 11.7, we introduced a new way to include job definitions, using
[templates](/blog/2019/01/22/gitlab-11-7-released/#include-cicd-files-from-other-projects-and-templates).
[templates](/releases/2019/01/22/gitlab-11-7-released/#include-cicd-files-from-other-projects-and-templates).
 
Starting with GitLab 11.9, we ship built-in templates for all the security jobs, like
`sast` and `dependency_scanning`, that are compatible with the GitLab version
......@@ -263,7 +263,7 @@ features:
stage: plan
issue_url: "https://gitlab.com/gitlab-org/gitlab-ee/issues/7328"
description: |
We recently released [Child Epics](/blog/2019/01/22/gitlab-11-7-released/#multi-level-child-epics), which is the ability to have epics of epics (in addition
We recently released [Child Epics](/releases/2019/01/22/gitlab-11-7-released/#multi-level-child-epics), which is the ability to have epics of epics (in addition
to child issues of epics).
 
With this release, you can now reorder the child
......@@ -412,7 +412,7 @@ features:
stage: plan
issue_url: "https://gitlab.com/gitlab-org/gitlab-ee/issues/8845"
description: |
We recently released [Child Epics](/blog/2019/01/22/gitlab-11-7-released/#multi-level-child-epics), which is the ability to have
We recently released [Child Epics](/releases/2019/01/22/gitlab-11-7-released/#multi-level-child-epics), which is the ability to have
epics of epics.
 
In GitLab 11.9, we've made it even easier to see
......
......@@ -629,7 +629,7 @@ deprecations:
 
If you utilize [vendored templates](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#including-the-provided-template), your configuration will be kept up to date with variable and argument changes.
 
As announced in [GitLab Release 12.0 post](/blog/2019/06/22/gitlab-12-0-released/#deprecated-variables-and-argument-for-manual-configurations-of-%60.gitlab-ci.yml%60-when-using-secure-features)
As announced in [GitLab Release 12.0 post](/releases/2019/06/22/gitlab-12-0-released/#deprecated-variables-and-argument-for-manual-configurations-of-%60.gitlab-ci.yml%60-when-using-secure-features)
 
- feature_name: "gitlab-monitor tool renamed to gitlab-exporter"
due: September 22, 2019
......
......@@ -381,7 +381,7 @@ features:
issue_url: "https://gitlab.com/gitlab-org/gitlab/issues/29067"
description: |
In GitLab 12.0, we introduced [Visual Review
Tools](https://about.gitlab.com/blog/2019/06/22/gitlab-12-0-released/#visual-reviews)
Tools](https://about.gitlab.com/releases/2019/06/22/gitlab-12-0-released/#visual-reviews)
to allow users to provide feedback on merge requests from the Review App
itself.
 
......@@ -1020,7 +1020,7 @@ deprecations:
reporter: NicoleSchwartz
description: |
As previously announced in [Release Post
12.0](/blog/2019/06/22/gitlab-12-0-released/#deprecated-variables-and-argument-for-manual-configurations-of-%60.gitlab-ci.yml%60-when-using-secure-features),
12.0](/releases/2019/06/22/gitlab-12-0-released/#deprecated-variables-and-argument-for-manual-configurations-of-%60.gitlab-ci.yml%60-when-using-secure-features),
if you have manually configured `.gitlab-ci.yml`:
 
- The command line argument `--auth-first-page` was removed in [issue 7182](https://gitlab.com/gitlab-org/gitlab/issues/7182) and is no longer supported and you need to remove it.
......
......@@ -26,24 +26,24 @@ For our first official security-oriented analyst evaluation, we are excited to b
 
As a company dedicated to releasing incrementally, delivering first on breadth and then on depth, it is not uncommon for GitLab to initially place in more of a challenger position, as our feature set generally does not have the same maturity as established players in the space. However, when GitLab enters a space, we do so boldly, with clear intentions and a solid strategy. GitLab’s strategy for application security testing and software composition analysis focuses more equally on both the developer and the security professional than traditional solutions. You will find some areas in strategy where we were not scored as highly as we believe we should be due to our more aggressive focus on development.
 
Forrester's takeaway above regarding developers continuing to use open source is closely aligned to the GitLab [vision for application security testing](https://about.gitlab.com/direction/secure/#direction) and our work in progress for [auto remediation](https://gitlab.com/groups/gitlab-org/-/epics/133). While not available in the evaluated version (11.6), a subsequent release can now [detect a more current patch available](https://about.gitlab.com/blog/2019/03/22/gitlab-11-9-released/#vulnerability-remediation-merge-request) and enable the developer to create a [new branch and apply the patch](https://docs.gitlab.com/ee/user/application_security/security_dashboard/#create-a-merge-request-from-a-vulnerability) with one click. Upcoming versions will [automatically run the pipeline and present the results](https://gitlab.com/groups/gitlab-org/-/epics/275) to the developer to accept or reject.
Forrester's takeaway above regarding developers continuing to use open source is closely aligned to the GitLab [vision for application security testing](https://about.gitlab.com/direction/secure/#direction) and our work in progress for [auto remediation](https://gitlab.com/groups/gitlab-org/-/epics/133). While not available in the evaluated version (11.6), a subsequent release can now [detect a more current patch available](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/#vulnerability-remediation-merge-request) and enable the developer to create a [new branch and apply the patch](https://docs.gitlab.com/ee/user/application_security/security_dashboard/#create-a-merge-request-from-a-vulnerability) with one click. Upcoming versions will [automatically run the pipeline and present the results](https://gitlab.com/groups/gitlab-org/-/epics/275) to the developer to accept or reject.
 
### Updates since the evaluation
 
GitLab has provided a major [new release every month](https://about.gitlab.com/releases/categories/releases/) for 90 consecutive months. Forrester evaluated version 11.6 for this report while versions [11.7](https://about.gitlab.com/blog/2019/01/22/gitlab-11-7-released/), [11.8](https://about.gitlab.com/blog/2019/02/22/gitlab-11-8-released/) and [11.9](https://about.gitlab.com/blog/2019/03/22/gitlab-11-9-released/) have since been released. You will find several features that Forrester felt were lacking have already been added including improvements to the security dashboard, additional languages added to SAST scanning, and secrets detection.
GitLab has provided a major [new release every month](https://about.gitlab.com/releases/categories/releases/) for 90 consecutive months. Forrester evaluated version 11.6 for this report while versions [11.7](https://about.gitlab.com/releases/2019/01/22/gitlab-11-7-released/), [11.8](https://about.gitlab.com/releases/2019/02/22/gitlab-11-8-released/) and [11.9](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/) have since been released. You will find several features that Forrester felt were lacking have already been added including improvements to the security dashboard, additional languages added to SAST scanning, and secrets detection.
 
Specifically, we have added the following since 11.6 was evaluated:
- [Group Security Dashboard](https://docs.gitlab.com/ee/user/application_security/security_dashboard/#viewing-the-vulnerabilities)
- [Added filters](https://about.gitlab.com/blog/2019/01/22/gitlab-11-7-released/#filter-vulnerabilities-in-the-group-security-dashboard) to display vulnerabilities by severity, report type, and project name
- Added [Dependency Scanning results](https://about.gitlab.com/blog/2019/01/22/gitlab-11-7-released/#show-dependency-scanning-results-in-the-group-security-dashboard) and [Container Scanning results](https://about-src.gitlab.com/2019/03/22/gitlab-11-9-released/#container-scanning-results-in-the-group-security-dashboard) to the existing SAST results
- [Added filters](https://about.gitlab.com/releases/2019/01/22/gitlab-11-7-released/#filter-vulnerabilities-in-the-group-security-dashboard) to display vulnerabilities by severity, report type, and project name
- Added [Dependency Scanning results](https://about.gitlab.com/releases/2019/01/22/gitlab-11-7-released/#show-dependency-scanning-results-in-the-group-security-dashboard) and [Container Scanning results](https://about-src.gitlab.com/2019/03/22/gitlab-11-9-released/#container-scanning-results-in-the-group-security-dashboard) to the existing SAST results
- Enabled [adjustable time ranges for security dashboard charts](https://about-src.gitlab.com/2019/03/22/gitlab-11-9-released/#adjustable-time-ranges-for-security-dashboard-charts)
- [SAST language coverage](https://docs.gitlab.com/ee/user/application_security/sast)
- [JavaScript](https://about.gitlab.com/blog/2019/02/22/gitlab-11-8-released/#sast-support-for-javascript)
- [TypeScript](https://about.gitlab.com/blog/2019/03/22/gitlab-11-9-released/#sast-for-typescript)
- [JavaScript](https://about.gitlab.com/releases/2019/02/22/gitlab-11-8-released/#sast-support-for-javascript)
- [TypeScript](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/#sast-for-typescript)
- [SAST for multi-module Maven projects](https://about-src.gitlab.com/2019/03/22/gitlab-11-9-released/#sast-for-multi-module-maven-projects)
- [Merge Request Approval Rules](https://about.gitlab.com/blog/2019/02/22/gitlab-11-8-released/#merge-request-approval-rules) for those wishing to have more control - easily define [rules](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/rules.html#multiple-approval-rules) for who needs to approve a change, whether it's a specific user, group, or role.
- [Confidential issues for security vulnerabilities](https://about.gitlab.com/blog/2019/02/22/gitlab-11-8-released/#confidential-issues-for-security-vulnerabilities)
- [Detect secrets and credentials in the repository](https://about.gitlab.com/blog/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository) developers may unintentionally commit secrets and credentials to their remote repositories. GitLab 11.9 introduced a Secret Detection feature that scans the content of the repository to find API keys and other information that should not be there. [Results are displayed](https://docs.gitlab.com/ee/user/application_security/sast#secret-detection) in the SAST report in the merge request widget, pipelines reports, and the security dashboards.
- [Merge Request Approval Rules](https://about.gitlab.com/releases/2019/02/22/gitlab-11-8-released/#merge-request-approval-rules) for those wishing to have more control - easily define [rules](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/rules.html#multiple-approval-rules) for who needs to approve a change, whether it's a specific user, group, or role.
- [Confidential issues for security vulnerabilities](https://about.gitlab.com/releases/2019/02/22/gitlab-11-8-released/#confidential-issues-for-security-vulnerabilities)
- [Detect secrets and credentials in the repository](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository) developers may unintentionally commit secrets and credentials to their remote repositories. GitLab 11.9 introduced a Secret Detection feature that scans the content of the repository to find API keys and other information that should not be there. [Results are displayed](https://docs.gitlab.com/ee/user/application_security/sast#secret-detection) in the SAST report in the merge request widget, pipelines reports, and the security dashboards.
 
Note that as of August, 2019, the GitLab **License Management** capabilities have been renamed to **License Compliance**.
 
......@@ -53,7 +53,7 @@ Note that as of August, 2019, the GitLab **License Management** capabilities hav
We understand that some security professionals may be uncomfortable that a developer can “dismiss” a vulnerability found in a scan. Vulnerabilities that are dismissed by the developer are still included in both the pipeline report and the security dashboards. Security can easily revert the dismissal if they disagree. If security wants to review every dismissal, they are easily identified. We are also adding the ability to [capture comments](https://gitlab.com/gitlab-org/gitlab-ee/issues/10364) for the dismissal to aid in communication between the developer and the security team. This aligns with our focus on providing as much visibility into all activities as possible to speed and simplify collaboration while maintaining accountability.
 
**Quality gates**
A gated waterfall approach to security is incongruent with an iterative DevOps methodology. That is why GitLab’s preference is indeed to not “stop the build via quality gates”. For application security testing to scale alongside DevOps, developers must be empowered to find and resolve vulnerabilities on their own - without becoming security experts. Our [vision](https://about.gitlab.com/direction/secure/#direction) is that many of the vulnerabilities will be fixed via auto remediation where the developer is informed of the fix, and may choose to review/approve but does not need to do the remediation tasks themselves. In the meantime, we recognize that some enterprises may still want a gated review. We currently offer [merge request approval rules](https://about.gitlab.com/blog/2019/02/22/gitlab-11-8-released/#merge-request-approval-rules) to aid in this workflow. With planned [Security gates](https://gitlab.com/gitlab-org/gitlab-ee/issues/9928), GitLab will introduce a way to enable approval rules only if critical vulnerabilities are introduced with the new code, so the security team can focus on reviewing only those changes. We want to be clear that using manual approvals is not a requirement of the tool, though it may be a requirement of the user’s policy.
A gated waterfall approach to security is incongruent with an iterative DevOps methodology. That is why GitLab’s preference is indeed to not “stop the build via quality gates”. For application security testing to scale alongside DevOps, developers must be empowered to find and resolve vulnerabilities on their own - without becoming security experts. Our [vision](https://about.gitlab.com/direction/secure/#direction) is that many of the vulnerabilities will be fixed via auto remediation where the developer is informed of the fix, and may choose to review/approve but does not need to do the remediation tasks themselves. In the meantime, we recognize that some enterprises may still want a gated review. We currently offer [merge request approval rules](https://about.gitlab.com/releases/2019/02/22/gitlab-11-8-released/#merge-request-approval-rules) to aid in this workflow. With planned [Security gates](https://gitlab.com/gitlab-org/gitlab-ee/issues/9928), GitLab will introduce a way to enable approval rules only if critical vulnerabilities are introduced with the new code, so the security team can focus on reviewing only those changes. We want to be clear that using manual approvals is not a requirement of the tool, though it may be a requirement of the user’s policy.
 
**Policy management**
As a result of this report, in addition to [Security gates](https://gitlab.com/gitlab-org/gitlab-ee/issues/9928), we have reprioritized adding the ability to [block the merge request if blacklisted licenses are found](https://gitlab.com/gitlab-org/gitlab-ee/issues/6924), enabling users to set the policy and have it automatically enforced by GitLab.
......
......@@ -103,7 +103,7 @@ order to ship features at the speed customers demand. An increase in visibility
reduces silos and facilitates collaboration, ensuring that everyone is aware of
what’s going on and where they’re needed. To give you an example of the power of
visibility, let's take a look at GitLab. If we calculated the average time to
deliver all the features in [11.8](/blog/2019/02/22/gitlab-11-8-released/), it would
deliver all the features in [11.8](/releases/2019/02/22/gitlab-11-8-released/), it would
be 250 days. With an increase in visibility, we're able to see that some features
we shipped took only 30 days, while others were in our backlog for three years.
Since we're on a monthly release cadence, knowing that many of our features were
......
......@@ -9,7 +9,7 @@ postType: product
ee_cta: false
---
 
On Mar. 20 2019 we released a [critical security release](/blog/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/) for a vulnerability in quick actions for issues that can expose project runner registration tokens to unauthorized users. This was originally reported to us on Mar. 14, 2019 through our public HackerOne program (identified by [jobert](https://hackerone.com/jobert)).
On Mar. 20 2019 we released a [critical security release](/releases/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/) for a vulnerability in quick actions for issues that can expose project runner registration tokens to unauthorized users. This was originally reported to us on Mar. 14, 2019 through our public HackerOne program (identified by [jobert](https://hackerone.com/jobert)).
 
## Response and mitigation
 
......
......@@ -36,7 +36,7 @@ Yet another problem was that if other users were also checking items on the list
your change could be erased by them checking their item – they were overwriting
your data.
 
In [GitLab 11.8](/blog/2019/02/22/gitlab-11-8-released/#performance-improvements) (released on Feb. 22, 2019),
In [GitLab 11.8](/releases/2019/02/22/gitlab-11-8-released/#performance-improvements) (released on Feb. 22, 2019),
we significantly increased the performance of task lists, as well as making them
much more robust. Here's how we did it:
 
......
......@@ -18,7 +18,7 @@ On April 5, 2019 we received a submission through our public HackerOne program b
 
### Response and mitigation
 
Following analysis of the vulnerability and impacted areas of GitLab, a patch was deployed to GitLab.com on April 8, 2019 and between 09:00 - 09:40 UTC and the Group Runner Registration Tokens were reset for all groups hosted on GitLab.com. The results of this deployment allowed us to validate the fix and confidently include it as part of the [GitLab Enterprise Edition (EE) 11.9.7, 11.8.7, and 11.7.11 critical security releases](/blog/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/).
Following analysis of the vulnerability and impacted areas of GitLab, a patch was deployed to GitLab.com on April 8, 2019 and between 09:00 - 09:40 UTC and the Group Runner Registration Tokens were reset for all groups hosted on GitLab.com. The results of this deployment allowed us to validate the fix and confidently include it as part of the [GitLab Enterprise Edition (EE) 11.9.7, 11.8.7, and 11.7.11 critical security releases](/releases/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/).
 
In parallel to the analysis, an investigation found no evidence to suggest any projects on GitLab.com had been compromised as a result of this vulnerability. We will continue to monitor for any related impact on GitLab.com.
 
......
......@@ -61,8 +61,8 @@ should be, due to our more aggressive focus on development.
 
GitLab has shipped a [major new release every month](/releases/categories/releases/)
for 90 consecutive months. Forrester evaluated GitLab 11.6 for this report while versions
[11.7](/blog/2019/01/22/gitlab-11-7-released/), [11.8](/blog/2019/02/22/gitlab-11-8-released/), and
[11.9](/blog/2019/03/22/gitlab-11-9-released/) have since been released. You will find several features
[11.7](/releases/2019/01/22/gitlab-11-7-released/), [11.8](/releases/2019/02/22/gitlab-11-8-released/), and
[11.9](/releases/2019/03/22/gitlab-11-9-released/) have since been released. You will find several features
that Forrester felt were lacking have already been added, including improvements to the
security dashboard, additional languages added to SAST scanning, and secrets detection.
When using Forrester’s scoring tool, be sure to adjust the criteria for our current capabilities.
......@@ -76,7 +76,7 @@ providers will lead the pack. Vendors that can provide developers with remediati
and even create patches position themselves to significantly reduce business risk.”
 
This takeaway is closely aligned with GitLab's [vision for application security testing](/direction/secure/#direction)
and our work in progress for [auto remediation](https://gitlab.com/groups/gitlab-org/-/epics/133). While not available in the evaluated version (11.6), today’s GA release, (11.9), [can detect a more current patch available](/blog/2019/03/22/gitlab-11-9-released/#vulnerability-remediation-merge-request) and
and our work in progress for [auto remediation](https://gitlab.com/groups/gitlab-org/-/epics/133). While not available in the evaluated version (11.6), today’s GA release, (11.9), [can detect a more current patch available](/releases/2019/03/22/gitlab-11-9-released/#vulnerability-remediation-merge-request) and
enable the developer to create a [new branch and apply the patch](https://docs.gitlab.com/ee/user/application_security/security_dashboard/#create-a-merge-request-from-a-vulnerability)
with one click. Upcoming versions will [automatically run the pipeline and present the results](https://gitlab.com/groups/gitlab-org/-/epics/275) to the developer to accept or reject.
By automating remediations that are readily apparent, developers and security can focus on
......
......@@ -85,6 +85,6 @@ All three platforms provide robust multi-factor authentication options:
 
**GitHub** provides [token scanning](https://help.github.com/en/articles/about-token-scanning) to notify a variety of service providers if secrets are published to public GitHub repositories. GitHub also provides [extensive guidance on preventing unauthorized account access](https://help.github.com/en/articles/preventing-unauthorized-access). We encourage all users to [enable two-factor authentication](https://help.github.com/en/articles/about-two-factor-authentication).
 
**GitLab** provides secrets detection in 11.9 as part of the [SAST functionality](/blog/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository). We also encourage users to [enable 2FA here](https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html), and set up [SSH keys](https://docs.gitlab.com/ee/ssh/).
**GitLab** provides secrets detection in 11.9 as part of the [SAST functionality](/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository). We also encourage users to [enable 2FA here](https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html), and set up [SSH keys](https://docs.gitlab.com/ee/ssh/).
 
Thanks to the security and support teams of Atlassian Bitbucket, GitHub, and GitLab, including the following individuals for their contributions to this investigation and blog post: Mark Adams, Ethan Dodge, Sean McLucas, Elisabeth Nagy, Gary Sackett, Andrew Wurster (Atlassian Bitbucket); Matt Anderson, Howard Draper, Jay Swan, John Swanson (GitHub); Paul Harrison, Anthony Saba, Jayson Salazar, Jan Urbanc, Kathy Wang (GitLab).
......@@ -31,7 +31,7 @@ If you are a GitLab user, here is a quick cheat sheet of what GitHub announced t
</tr>
<tr>
<td class="tg-uys7">Automated MRs for dependency vulnerabilities <br>(Dependabot acquisition)</td>
<td class="tg-uys7"><a href="/blog/2019/03/22/gitlab-11-9-released/#vulnerability-remediation-merge-request">Vulnerability Remediation Merge Request</a></td>
<td class="tg-uys7"><a href="/releases/2019/03/22/gitlab-11-9-released/#vulnerability-remediation-merge-request">Vulnerability Remediation Merge Request</a></td>
</tr>
<tr>
<td class="tg-uys7">Dependency Insights</td>
......@@ -39,7 +39,7 @@ If you are a GitLab user, here is a quick cheat sheet of what GitHub announced t
</tr>
<tr>
<td class="tg-baqh">Token Scanning</td>
<td class="tg-baqh"><a href="/blog/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository">Secrets Detection</a></td>
<td class="tg-baqh"><a href="/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository">Secrets Detection</a></td>
</tr>
<tr>
<td class="tg-baqh">Maintainer Security Advisories</td>
......
......@@ -297,7 +297,7 @@ for additional automated behaviors.
 
---
 
## [GitLab 11.7](/blog/2019/01/22/gitlab-11-7-released/)
## [GitLab 11.7](/releases/2019/01/22/gitlab-11-7-released/)
 
### Releases page
 
......@@ -348,7 +348,7 @@ to enable all kinds of repositories, built right into GitLab when you need them.
 
---
 
## [GitLab 11.8](/blog/2019/02/22/gitlab-11-8-released/)
## [GitLab 11.8](/releases/2019/02/22/gitlab-11-8-released/)
 
### `trigger:` keyword for pipelines
 
......@@ -383,7 +383,7 @@ making them very easy to find.
 
---
 
## [GitLab 11.9](/blog/2019/03/22/gitlab-11-9-released/)
## [GitLab 11.9](/releases/2019/03/22/gitlab-11-9-released/)
 
### Feature Flag auditability
 
......@@ -417,7 +417,7 @@ reusability, a great combination.
 
---
 
## [GitLab 11.10](/blog/2019/04/22/gitlab-11-10-released/)
## [GitLab 11.10](/releases/2019/04/22/gitlab-11-10-released/)
 
### Pipeline dashboard
 
......@@ -476,7 +476,7 @@ taking advantage of any updates made upstream.
 
---
 
## [GitLab 11.11](/blog/2019/05/22/gitlab-11-11-released/)
## [GitLab 11.11](/releases/2019/05/22/gitlab-11-11-released/)
 
### Windows Container Executor
 
......
......@@ -12,7 +12,7 @@ postType: content marketing
 
Great news, everyone!
[Hailed as one of the best inventions since sliced bread](https://gitlab.com/gitlab-com/marketing/corporate-marketing/issues/682),
[Scoped Labels](/blog/2019/04/22/gitlab-11-10-released/#scoped-labels) can make your
[Scoped Labels](/releases/2019/04/22/gitlab-11-10-released/#scoped-labels) can make your
custom workflows even cooler. We’re excited to share how using this small feature can
accelerate delivery.
 
......
......@@ -49,7 +49,7 @@ is that our engineers need confidence that the feature is performant,
that it won't threaten the overall stability of GitLab.com, and that it is
substantially bug-free. So we went through a [Production Readiness Review](https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/64)
before enabling it. The review uncovered a number of pre-existing bugs and new regressions, which have all been fixed in the
[12.0 release](/blog/2019/06/22/gitlab-12-0-released/). Some of the bugs included:
[12.0 release](/releases/2019/06/22/gitlab-12-0-released/). Some of the bugs included:
 
* [Elasticsearch was sometimes used for searches, even when disabled](https://gitlab.com/gitlab-org/gitlab-ee/issues/11795)
* [Performance regression indexing database content](https://gitlab.com/gitlab-org/gitlab-ee/issues/11595)
......
......@@ -22,7 +22,7 @@ they start using GitLab 12.2. GitLab.com users will need to do so at the beginni
 
In the GitLab 12.0 release post, [we announced License Compliance<sup>1</sup> will change the
default version of Python from version
2 to version 3](/blog/2019/06/22/gitlab-12-0-released/#license-management-will-use-python-3-as-the-default-in-gitlab-12.2)
2 to version 3](/releases/2019/06/22/gitlab-12-0-released/#license-management-will-use-python-3-as-the-default-in-gitlab-12.2)
in GitLab 12.2, and that support for Python 2 would be deprecated in a future release due
to [Python 2.7 reaching the end of its life](https://pythonclock.org/) on Jan. 1, 2020.
 
......@@ -35,7 +35,7 @@ is changed, it will only begin to work starting with GitLab 12.2.
##### <sup>1</sup>What is License Compliance?
 
License Compliance, formerly called License
Management, [is being renamed to better align with common industry vernacular starting in 12.2](/blog/2019/06/22/gitlab-12-0-released/#secure-license-management-renamed-to-license-compliance-in-gitlab-12.0).
Management, [is being renamed to better align with common industry vernacular starting in 12.2](/releases/2019/06/22/gitlab-12-0-released/#secure-license-management-renamed-to-license-compliance-in-gitlab-12.0).
The purpose of License Compliance is to track which licenses are used by third-party
components included in your project, like libraries and external dependencies, and to check that
they are compatible with your organizations licensing model. License Compliance is part of our
......
......@@ -67,7 +67,7 @@ growth of the master branch.
It causes a lot of friction between developers and maintainers, slowing down the development cycle.
 
To address this problem, we introduced [Pipelines for Merged Results](https://docs.gitlab.com/ee/ci/merge_request_pipelines/pipelines_for_merged_results/index.html)
in [GitLab 11.10](/blog/2019/04/22/gitlab-11-10-released/#pipelines-for-merged-results).
in [GitLab 11.10](/releases/2019/04/22/gitlab-11-10-released/#pipelines-for-merged-results).
 
Simply put, the main difference between pipelines for merged results and normal pipelines is that
**pipelines run on merge commits, instead of source branches, before the actual merge happens**.
......
......@@ -23,7 +23,7 @@ Continuous integration and continuous delivery (CI/CD) are the gold standards of
 
“Auto DevOps is a [CI/CD pipeline](/topics/ci-cd/) that we have defined for you,” Mark says. “It’s basically all these best practices that we want to encourage everybody to have, and we believe are a good baseline for software development.” The goal is to have everyone set up to do CI/CD, but not just the bare minimum CI/CD, he says. “Like most people when they create a project, they start with running tests. That's the natural thing for CI. And then maybe they'll even get into CD, but they're not going to do things like [code quality](https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html) analysis and security analysis. And we really believe in the [shift left movement](/blog/2019/05/03/secure-containers-devops/). If you look at everything as a pipeline, we want to take security and things like that which are stuck at the end and we want to move them as far left as possible. We believe you should be checking for security even on your first deploy. So we said, okay, let's put all that in there and make a script that says this is everything that you should be doing, so let's just do it for you.”
 
The roots of Auto DevOps can be found in previous versions of GitLab which offered Auto Deploy. “We evolved [Auto DevOps] as the company evolved to have more and more capabilities around the DevOps lifecycle,” Mark explains. Today, Auto DevOps tackles 12 software development steps automatically. Customers wanting more flexibility can choose the [Composable Auto DevOps](/blog/2019/04/22/gitlab-11-10-released/#composable-auto-devops) option, where the template can easily be modified to suit the requirements.
The roots of Auto DevOps can be found in previous versions of GitLab which offered Auto Deploy. “We evolved [Auto DevOps] as the company evolved to have more and more capabilities around the DevOps lifecycle,” Mark explains. Today, Auto DevOps tackles 12 software development steps automatically. Customers wanting more flexibility can choose the [Composable Auto DevOps](/releases/2019/04/22/gitlab-11-10-released/#composable-auto-devops) option, where the template can easily be modified to suit the requirements.
 
## The Auto DevOps process
 
......
......@@ -32,7 +32,7 @@ We introduced many exciting new features to help our GitLab product better serve
 
## Multi-level child epics make project management a breeze
 
Before our 11.7 release, epics were limited to a two-level structure, but [in 11.7 we introduced multi-level child epics](/blog/2019/01/22/gitlab-11-7-released/#multi-level-child-epics), so you can now have an ancestor epic that contains up to five levels of child epics, as well as issues. This feature allows longer-term work strategies to be defined in ancestor epics, with strategy and deliverables being articulated in the lower tiers.
Before our 11.7 release, epics were limited to a two-level structure, but [in 11.7 we introduced multi-level child epics](/releases/2019/01/22/gitlab-11-7-released/#multi-level-child-epics), so you can now have an ancestor epic that contains up to five levels of child epics, as well as issues. This feature allows longer-term work strategies to be defined in ancestor epics, with strategy and deliverables being articulated in the lower tiers.
 
 
 
......
......@@ -40,7 +40,7 @@ Here is a demonstration video that explains the advantage of the merge train fea
 
## How the merge trains feature has evolved so far
 
After releasing [merge trains](/blog/2019/06/22/gitlab-12-0-released/#sequential-merge-trains) in GitLab 12.0, we immediately started to use this feature internally, and collected a lot of valuable feedback which helped us to improve and enhance the feature.
After releasing [merge trains](/releases/2019/06/22/gitlab-12-0-released/#sequential-merge-trains) in GitLab 12.0, we immediately started to use this feature internally, and collected a lot of valuable feedback which helped us to improve and enhance the feature.
 
We started by tuning the [merge train concurrency](https://gitlab.com/gitlab-org/gitlab/issues/31692). We understood that while merge trains is a feature that is designed to improve efficiency by making sure that master stays green, it can also create an unwanted bottleneck that slows down productivity if your merge requests needs to wait in a long queue in order to get merged.
 
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment