GitLab's October LinkedIn Live broadcast brought together security experts and product leaders to discuss the latest developments in application security and highlight key features from the GitLab 17.5 release. In case you missed it, here's what you need to know.
1. Software is moving faster and security is struggling to keep up
Development teams are shipping at record speeds, but their security counterparts are finding it difficult to meet that pace. Our DevSecOps survey revealed that 66% of companies are shipping code twice as fast as last year, while 55% of security teams are finding vulnerabilities after code is merged to test environments. With 80% of top data breaches coming from application layer attacks, this gap must be addressed.
2. Advanced SAST is getting smarter
GitLab's new Advanced SAST capabilities are a game-changer for security testing. Built on technology acquired from Oxeye, Advanced SAST offers cross-file and cross-function scanning with taint analysis. The star feature is a code flow view that lets developers trace vulnerabilities from source to sink, making it easier to understand and fix security issues.
Learn even more with our Advanced SAST tutorial.
3. Accidental secret commits are a thing of the past
GitLab's new secret push protection feature stops sensitive information from reaching your GitLab repository by checking the contents of each commit. Instead of dealing with the aftermath of exposed credentials, the system catches secrets before they're committed, saving security teams countless hours of remediation work.
4. AI is a security catalyst
AI isn't just for code completion anymore. GitLab Duo has evolved to understand merge requests and provide contextual security assistance. With the new Quick Chat feature (accessible via Alt+C), developers can get security insights without leaving their editor.
5. Static reachability reduces security noise
The new static reachability feature for Python and Java helps teams focus on vulnerabilities that matter. By identifying which dependencies are actually used in your code, it reduces false positives and helps teams prioritize real security threats.
Watch on-demand now
Watch the full "Security Deep Dive" recording to see these features in action and hear more insights from our security experts.
Be sure to follow GitLab on LinkedIn to be notified of our monthly broadcasts and get more insights and the latest news about AI-powered DevSecOps.
