
Gitlab 11.9 released with secrets detection and multiple MR approval rules - jfreax
https://about.gitlab.com/2019/03/22/gitlab-11-9-released/
======
btasovac
Overview of the three main improvements in this release:

1\. Detect secrets and credentials in the repository

A recurring problem when developing applications is that developers may
unintentionally commit secrets and credentials to their remote repositories.
If other people have access to the source, or if the project is public, the
sensitive information is then exposed and can be leveraged by malicious users
to gain access to resources like deployment environments. GitLab 11.9 includes
a new check called Secret Detection. It scans the content of the repository to
find API keys and other information that should not be there. GitLab displays
results in the SAST report in the merge request widget, pipelines reports, and
the security dashboards.

2\. Merge request approval rules

Code review is an essential practice of every successful project, but who
should review the changes is not always clear. It is often desirable to have a
variety of reviewers from different teams like Engineering, UX, and Product.
Approval Rules allow you to better communicate who should participate in code
reviews by specifying the eligible approvers and the minimum number of
approvals for each. Approval rules are shown in the merge request widget so
the next reviewer can quickly be assigned.

3\. Move ChatOps to Core

Initially introduced in GitLab Ultimate 10.6, ChatOps has now moved to GitLab
Core. GitLab ChatOps provides the ability to trigger GitLab CI jobs from Slack
by using the slash commands feature. We are open sourcing this feature in
alignment with our buyer-driven tier designation to encourage its use and
contribution by the community.

