今天繼續回顧 2021 ~ 2022 GitLab 的歷史與功能發展。

• 2021/01 GitLab 變更計價，取消了 Bronze、Starter plan。
• 2021/01 GitLab 13.8（新功能：New Pipeline editor、Deployment frequency charts、Send an email to an issue、Export requirements to a CSV file、Upload metrics images directly to incidents、Geo support for PostgreSQL high-availability⋯⋯）
• 2021/02 GitLab 13.9（新功能：Security Alert Dashboard、Maintenance Mode、JavaScript and Python support for coverage-guided fuzz testing、Follow user activity、Create Jira issues from Vulnerabilities、Autocomplete GitLab CI Variables in VS Code、⋯⋯）
• 2021/03 GitLab 13.10（新功能：Integrate any IT alerting tool with GitLab、DORA4-based lead time for changes、API fuzz testing graphical configuration screen、View Jira issue details in GitLab、Clone project inside Visual Studio Code、Open project in Visual Studio Code、Support Java 15 for Dependency Scanning⋯⋯）
• 2021/04 GitLab 13.11（新功能：GitLab Agent for Kubernetes 即將正式取代 GitLab 過去的 K8s 整合方式、Compliance pipeline configurations、On-call Schedule Management、Export a user access report、Use multiple caches in the same job、Track DORA 4 lead time for changes metric、Request a CVE ID from the GitLab UI、Deploy GitLab on OpenShift and Kubernetes with the GitLab Operator、Add iteration lists in Boards、Experimental Semgrep Analyzer for Python, JavaScript, and TypeScript、OpenShift Support for SAST and Secret Detection、Support for Generic Kotlin SAST Scanning⋯⋯）
• 2021/05 GitLab 13.12（新功能：Show job dependencies in the pipeline graph、Elastic Stack cluster integration⋯⋯。13.x 的最後一次更新，沒有太多亮點與全新功能。）
• 2021/06 GitLab 收購了 UnReview（一間利用 ML 技術來輔助 Code Review 的公司）
• 2021/06 GitLab 14.0（新功能：Epic Boards、Terraform module registry、Container Scanning Integration with Trivy、Security report generalized details structure、Container Scanning Integration with Grype、⋯⋯）（One-click GitLab Managed Apps will be removed in GitLab 14.0）（Free tier scheduled pipeline frequency limit on GitLab.com）（14.x 的口號是更完整、更現代的 DevOps 平台，GitLab 14 signals shift to modern DevOps: A DevOps platform with velocity, trust, and visibility）
• 2021/07 GitLab 14.1（新功能：Escalation Policies、CI/CD Tunnel for Kubernetes clusters、Code coverage merge request approval rule、Datadog CI Visibility integration、Track progress on overall DevOps adoption、Track use of security scanning across multiple teams、The Package Registry now supports NuGet symbol packages、Dependency Scanning expands support for Gradle projects、Support for UBI-Based Container Scanning Image⋯⋯）
• 2021/08 GitLab 14.2（新功能：GitLab Build Cloud for macOS、Track use of dependency scanning and fuzz testing、Improved vulnerability tracking for GoSec, Semgrep, and Brakeman analyzers、Stageless pipelines、Create a GitLab branch from a Jira issue、Export membership CSV report from top-level group、View historical CI pipeline minute usage、View all Value Stream Analytics metrics for projects、Semgrep SAST Analyzer for C⋯⋯）
• 2021/09 GitLab 完成 IPO 上市。
• 2021/09 GitLab 14.3（新功能：Project-level DAST and secret detection scan execution policies、Use variables in other variables、GitLab Runner on IBM POWER9、Support for Kubernetes 1.20、License Compliance now supports Java 15⋯⋯）（不知道是不是在忙 IPO，這個月沒什麼亮點。）
• 2021/10 GitLab 14.4（新功能：Scheduled DAST scans、DevOps Adoption trend graph、Integrated error tracking inside GitLab without a Sentry instance、Semgrep SAST Analyzer for Go、More paid features available to free users⋯⋯）（不知道是不是因為 IPO 了，所以多送幾個功能下放到免費版。）
• 2021/11 GitLab 14.5（新功能：Infrastructure as Code security scannin、Cleaner diffs for Jupyter Notebook files、Group-level settings for merge request approvals、Additional Secret Detection pattern support⋯⋯）
• 2021/12 GitLab 收購了 Opstrace（一間開源的 Observability 解決方案）
• 2021/12 GitLab 14.6（新功能：Seamless worldwide performance with Geo、Set maximum SSH key lifetime、Custom ruleset composability for SAST and Secret Detection、SAST Support for .NET 6、Container Scanning results in the Dependency List、SAST scan execution policies⋯⋯）
• 2022/01 GitLab 14.7（新功能：GitLab Runner compliant with FIPS 140-2、Streaming audit events、LDAP failover support、OpenID Connect support for GitLab CI/CD⋯⋯）
• 2022/02 GitLab 14.8（新功能：Support for ecdsa-sk and ed25519-sk SSH key、Security approval policie、Auto-completion of keywords in the Pipeline Editor、Display average and median for DORA4 metrics graphs、Additional data for deployment frequency graph、Customize built-in SAST and Secret Detection rules、On-demand security scan index view、⋯⋯）
• 2022/03 GitLab 14.9（新功能：Rule mode for scan result policies、Integrated security training、New audit events、Streaming audit events for MR approvals、Include the same CI/CD template multiple times、ARM support for the GitLab agent for Kubernetes、Provision a Kubernetes cluster from GitLab with Terraform、Dependency Scanning adds support for Java 17⋯⋯）
• 2022/04 GitLab 14.10（新功能：Compliance report individual violation reporting、GitLab Runner Operator for Kubernetes、UI for streaming audit events、Escalating manually created incidents、Faster, easier Java scanning in SAST、Geo verifies CI job artifacts、⋯⋯）
• 2022/05 GitLab 15.0（新功能：Edit code blocks, links, and media inline in the WYSIWYG editor、Advanced Search is compatible with OpenSearch、Internal notes、Link external organizations and contacts to issues、Container Scanning available in all tiers、New audit events for merge settings、Support for failed status checks、Multiple account support for GitLab Workflow in VS Code、Cluster support for Kubernetes 1.22、Dependency scanning support for poetry.lock files⋯⋯）（Java 17 now the default version in dependency scanning）（PostgreSQL 12 deprecated）
• 2022/06 GitLab 發佈一篇 Blog《UnReview a year later: How GitLab is transforming DevOps code review with ML-powered functionality》可以視為 GitLab 宣示接下來會投入 AI/ML 這方面的功能與產品發展。
• 2022/06 GitLab 15.1（新功能：SAML Group Sync for self-managed GitLab、Enhancing visibility into Value Stream with DORA metrics、SLSA-2 attestation included for build artifacts、Improved insights discovery in Value Stream Analytics、GitLab.com sign-in for GitLab Workflow for VS Code、Rendered images in Python notebook MRs、FIPS-enabled Red Hat UBI Dependency Scanning image⋯⋯）
• 2022/07 GitLab 15.2（新功能：Live preview diagrams in the wiki WYSIWYG editor、Enforce IP address restrictions for Git over SSH、Group and subgroup scan execution policies、Incident timeline、Audit events 多項更新、Faster Secret Detection、⋯⋯）
• 2022/08 GitLab 15.3（新功能：Create tasks in issues、GitOps features are now free、Define password complexity requirements、DORA custom reporting for data-driven software development improvements、DAST API and API Fuzzing speed improvements、各種analyzer 更新⋯⋯）
• 2022/09 GitLab 15.4（新功能：Suggested Reviewers、Improved CI/CD integration in VS Code、Add linked resources to incident issues、More powerful Linux machine types for GitLab SaaS runners、Shimo as a wiki alternative、Boards: Display health status on issue cards⋯⋯）
• 2022/10 GitLab 15.5（新功能：Deploy apps to Google Cloud with GitLab Cloud Seed、Autocomplete suggestions in the Content Editor、Rule Mode for Scan Execution Policies、Operational container scanning、Improve DevOps efficiency with the pre-defined DORA comparison report、FIPS compliant Kubernetes integration、Run security scanning tools in merge request pipelines⋯⋯）
• 2022/11 GitLab 15.6（新功能：Group and subgroup-level scan result policies、Git abuse rate limiting、DAST API analyzer for on-demand DAST API scans、Support for special characters in CI/CD variables、Kubernetes 1.25 support⋯⋯）（Removal of support for NFS as Git repository storage）
• 2022/12 GitLab 15.7（新功能：GitLab CLI、Support GitOps deployments from outside the default branch、Sign commits with your SSH key、New Web IDE、Users cannot set a known weak password、Specify custom NTP server when running Geo health check、⋯⋯）

GitLab 從 2018 年，差不多是 11.x 開始開發 VS Code 的 Extension，一直都有在陸續更新，在 2022 則有比較多將它推到檯面上宣傳。另外從 GitLab 推出企業級付費功能 Geo 以來，一直都有在更新功能與效能，幾乎是每一次的 Release 都有在強化 Geo，讓它可以提供更完善的 HA。

GitLab 在 2021 收購了兩間企業，也增加了更多的第三方服務整合，很明顯的為了拓展功能與產品發展，一直有在尋找更多的合作夥伴（收購對象）；特別是 2021/06 收購的 UnReview，不只宣示 GitLab 會更多關注資料科學家的需求，同時也宣示了 AI/ML、MLOps 是下一個重要的產品發展路線。

雖然 Value Stream、DORA Metrics 的功能已經推出多年，在 14.x 明顯有做了一些強化像是增加更多 Track，應該是為了幫助企業客戶可以更理解團隊是怎麼使用 GitLab、以及使用帶來的成效。

2021 ~ 2022 整體來說，我覺得亮點不多，給人的感覺是繼續鞏固既有的市場，甚至我覺得自從 2021/09 IPO 之後，開發能量有一點下降的感覺，14.x 整體沒什麼亮點，感覺一下就進入 15.x，而 15.x 也多是繼續延續前面的成果，繼續強化了許多稽核與安全性的功能，我想應該是將開發能量轉移到產品維護了，畢竟整個 DevOps Lifecycle 該有的功能大致上都有了，是應該要去處理一些技術債，以及將現有的功能打磨得更好。假設 11.x 是 GitLab 的 DevOps Lifecycle 初版完成品，那麼 12.x ~ 13.x 就是持續迭代到產品足夠有潛力可以搶佔市場衝刺 IPO 上市，而 14.x ~ 15.x 則開始鞏固市場，並尋找新的市場與產品發展機會。

圖片來源 - 吉卜力工作室 https://www.ghibli.jp/works/totoro/#&gid=1&pid=43

參考資料

• https://handbook.gitlab.com/handbook/company/history/
• https://about.gitlab.com/releases/categories/releases/
• https://en.wikipedia.org/wiki/GitLab
• https://about.gitlab.com/blog/2022/06/02/unreview-a-year-later-how-gitlab-is-being-transformed-by-ml-powered-code-review/
• https://marketplace.visualstudio.com/items/GitLab.gitlab-workflow/changelog
• https://about.gitlab.com/blog/2021/06/22/gitlab-14-modern-devops/
• https://about.gitlab.com/blog/2022/06/02/unreview-a-year-later-how-gitlab-is-being-transformed-by-ml-powered-code-review/