GitLab 17 is set to bring a new wave of innovation and efficiency to the DevSecOps landscape. As one of the most popular platforms for continuous integration and continuous delivery (CI/CD), GitLab constantly evolves to meet the needs of modern development teams. While releases of new features and enhancements will occur over time, this blog will cover the main themes of the GitLab 17 release. In this latest release, users can expect a host of new features and enhancements designed to streamline workflows, improve collaboration, and boost productivity. From advanced AI capabilities to enhanced security measures, GitLab 17 is poised to elevate your software development processes to new heights. This blog summarizes the release information in GitLab’s release webinar, hosted by Chief Product Officer, David DeSanto, Senior Director of Product Management, Hilary Benson, and Ashley Kramer, GitLab’s Chief Strategy Officer.
2024 Global DevSecOps Report
In their 8th annual Global DevSecOps Report, GitLab surveyed more than 5,000 DevSecOps professionals worldwide. The results found that organizations are prioritizing investments in security, AI, and automation — and all of these are having positive effects on the experiences of developers and software engineering teams. However, this year’s survey also highlighted specific areas, such as software supply chain security, that warrant particular attention as organizations build out their DevSecOps strategies. Let’s talk about the 4 main themes from the report.
Secure software by default
Securing software by default is becoming a shared responsibility across development teams, regardless of their specific roles. According to the report, 50% of respondents reported that they take part in application security tasks even if they aren’t officially part of a security team. This trend highlights the growing importance of integrating security practices throughout the software development lifecycle, ensuring that all team members contribute to building secure, robust applications.
Simplify toolchain complexity
Simplifying toolchain complexity is essential for enhancing developer productivity. Developers are eager to build features and solve problems, but they often face obstacles. Sometimes these obstacles are the very tools designed to help them. Over 70% of respondents indicated that onboarding a new developer takes more than a month, primarily due to the overwhelming number of tools involved. Streamlining these tools can significantly reduce onboarding time and allow developers to focus on what they do best—creating innovative solutions.
Measure with metrics
Metrics are crucial for improving the developer experience through automation. Surprisingly, about 50% of software executives do not measure their developers’ work or cycle times for their software lifecycle. This makes them miss valuable insights that could enhance productivity and efficiency. By implementing metrics, organizations can better understand their development processes, identify areas for improvement, and leverage automation to streamline workflows and boost overall performance.
Transforming with AI
An impressive 80% of respondents are either currently using AI or plan to incorporate it within the next two years. This trend underscores the growing recognition of AI’s potential to revolutionize various aspects of business operations. This includes benefits from automating routine tasks to providing advanced data insights. As more organizations embrace AI, its impact on efficiency, innovation, and competitive advantage will expand significantly.
Investing in the Future of GitLab
GitLab is investing in the pain points that were discovered in this report. That investment will be in 4 main areas.
Ashley Kramer – Chief Strategy Officer at GitLab
1. Integrating security into existing workflow
Automating compliance items and requirements into simple workflows is essential for maximizing efficiency, especially for understaffed teams. By streamlining these processes, teams can maintain compliance without overburdening their resources. This approach eliminates the need to choose between security and velocity, allowing teams to maintain high standards of security while continuing to deliver projects swiftly.
Automation enables consistent adherence to compliance requirements, freeing up valuable time and resources for innovation and growth. Earlier in 2024, GitLab acquired app security and governance vendor Oxeye. In the release event, GitLab mentioned they will slowly add Oxeye app security features over time into GitLab 17. Additionally, GitLab acquired the intellectual property of Rezilion to enrich vulnerability risk data, add auto-remediation capabilities, as well as runtime vulnerability reachability. They will also add these features into GitLab 17 in the near future.
2. Increase the power of the DevSecOps platform
Throughout the event, GitLab mentioned several new features, including adding enterprise agile planning capabilities and a new native secrets manager. This manager alleviates users from relying on 3rd party tools such as API tokens and CI environment variables. GitLab will be adding these features to GitLab 17 shortly.
3. Robust analytics and insights and observability
Comprehensive analytics capabilities for organizations to measure and optimize their workflows and applications. GitLab 17 will have more features for analytics and observability, including data that supports how to measure user adoption for your application, and monitoring of application performance. While the GitLab Analytics capabilities just became generally available, there will be more added to what exists today including closing the SDLC loop with user adoption metrics. GitLab will expand its AI Impact dashboard for contribution quality and cycle time metrics.
GitLab Chief Product Officer, David DeSanto
4. AI through the SDLC
Generative AI is transforming software development and delivery by automating tedious tasks and accelerating DevSecOps workflows. However, to fully harness its potential, AI must be integrated throughout the entire software development lifecycle, not just during code creation. As GitLab’s team said during the launch event, security and privacy must be baked into the application. According to GitLab’s 2023 State of AI in Software Development report, code creation accounts for only 25% of a developer’s time, indicating significant opportunities for AI in other critical tasks.
Other New Features Coming to GitLab 17
GitLab Dedicated
Organizations want SaaS, but also want the security and isolation of being self-managed. GitLab Dedicated will be available on Google Cloud with GitLab 17, and will provide the on-premise option for those companies wanting more control over their security.
CI/CD Catalog
GitLab is enhancing its CI/CD Catalog feature to facilitate the sharing of standardized components. This catalog, accessible across the company, allows all teams to benefit from shared resources and discover new tools. Additionally, there is a community version of this catalog, featuring over 100 available components, which fosters collaboration and innovation within the broader GitLab community.
Data Science Teams in GitLab
With GitLab 17, GitLab aims to better integrate data science teams into their platform. These teams are often siloed, which can hinder collaboration on joint deliverables. To address this, GitLab is introducing a model registry, enabling teams to build, train, test, and version AI models entirely within GitLab. This enhancement significantly expands the existing ML Ops functionality. Additionally, GitLab CI now offers GPU support, further enhancing the capabilities for data science workflows.
GitLab Duo Enterprise
GitLab Duo, an expanding toolbox of AI features, exemplifies practical AI applications. Examples include automating merge request descriptions, explaining code in natural language, conducting root cause analysis of pipeline errors, and resolving vulnerabilities. By leveraging AI consistently across the software development lifecycle, organizations can achieve faster cycle times, improve security, and enable teams to focus on higher-value tasks. GitLab also discussed GitLab Duo Enterprise, which will have even more capabilities.
Ready for GitLab?
As GitLab 17 brings a new wave of innovation and efficiency to the DevSecOps landscape, it is clear that this release will significantly enhance software development processes. With advanced AI capabilities, enhanced security measures, and features designed to streamline workflows and improve collaboration, GitLab 17 is poised to elevate your organization’s productivity and effectiveness. You can learn more about GitLab 17 through these resources, including the entire 40-minute release webinar.
To fully understand how these new features can benefit your team, we invite you to speak with SPK’s team of GitLab experts. They can provide detailed insights and personalized guidance to help you maximize the potential of GitLab 17 for your specific needs. Contact SPK and Associates today to learn more and start transforming your DevSecOps workflows.
