GitLab.org/GitLab: Release v14.0.0-ee

Name: GitLab

Owner: GitLab.org

Release: GitLab 14.0

Released: 2021-06-22

License: MIT

Release Assets:

![42 new features](https://img.shields.io/static/v1?color=108548&label=new+features&labelColor=525252&message=42&style=for-the-badge "New features added in this release") ![2115 total badges](https://img.shields.io/static/v1?color=1F75CB&label=total+features&labelColor=525252&message=2115&style=for-the-badge "Total features") #### [Ultimate](https://about.gitlab.com/pricing/ultimate/) ![8 new features](https://img.shields.io/static/v1?color=108548&label=new+features&labelColor=525252&message=8&style=flat-square "New features added to this tier in this release") ![275 total badges](https://img.shields.io/static/v1?color=1F75CB&label=total+features&labelColor=525252&message=275&style=flat-square "Total features in this tier")

[Improved interface for adding groups to the DevOps Adoption table](https://docs.gitlab.com/ee/user/group/devops_adoption): DevOps Reports > The DevOps Adoption table provides insight into how GitLab has been adopted across your organization with a comparison by group and subgroup. Previously, you could add no more than 200 groups to the table. We understand that larger organizations can have thousands of GitLab groups. You can now use a searchable dropdown to add any subgroup to the table. > > In addition, subgroups removed from the DevOps Adoption table in one group [no longer automatically get removed](https://gitlab.com/gitlab-org/gitlab/-/issues/329521) from the tables of other groups. As a result of the data migration that was done for this fix, you might need to manually re-add some subgroups to your tables the first time that you revisit them.
[Track usage of Code Owners](https://docs.gitlab.com/ee/administration/analytics/dev_ops_report#devops-adoption): DevOps Reports > Code Owners are an important piece of the code review process in GitLab. When code owners are clearly identified, contributors can see who should review contributions to a file or repository. The Code Owners feature can also be used to establish a merge request approval process. Now, you can track which teams across your organization are using the Code Owners feature in their development workflow. > > If you would like to drive adoption of Code Owners, sort the DevOps Adoption table by the Code Owners column to find teams that haven't yet adopted the feature so you can easily identify which teams need help getting started. Alternatively, find teams that have successfully configured Code Owners and get tips and feedback. The DevOps Adoption table is available at [the group level](https://docs.gitlab.com/ee/user/group/devops_adoption/) and [the instance level](https://docs.gitlab.com/ee/administration/analytics/dev_ops_report.html#devops-adoption).
[Instance-level DevOps Adoption report enabled by default](https://docs.gitlab.com/ee/administration/analytics/dev_ops_report#devops-adoption) (self-managed only): DevOps Reports > Instance-level DevOps Adoption report is now enabled by default. The DevOps Adoption report shows which teams in your organization are using GitLab: > > - Issues > - Merge requests > - Approvals > - Runners > - Pipelines > - Deploys > - Scanning > > Compare GitLab adoption across your entire organization by adding groups to the adoption table. Here are just a few of the ways you can use the DevOps Adoption report: > > - Verify whether you are getting the return on investment that you expected from GitLab. > - Identify specific groups that are lagging in their adoption of GitLab so you can help them along in their DevOps journey. > - Identify groups that have adopted specific features, such as pipelines, and provide tips to other groups interested in getting started with these features. > > This is just the beginning of an exciting vision to measure DevOps adoption in your organization and evaluate the benefits. To learn about the additions that are coming next, [read the epic](https://gitlab.com/groups/gitlab-org/-/epics/5556). > > The DevOps Adoption report is also [available at the group level](https://docs.gitlab.com/ee/user/group/devops_adoption/). For SaaS users, get adoption insights for your entire organization by viewing the DevOps Adoption report in your top-level group.
[Lead time for merge requests at the group level](https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html#lead-time-charts): Continuous Delivery > As part of our efforts to natively support [DORA4 metrics](https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html#devops-research-and-assessment-dora-key-metrics) in GitLab, the lead time for merge requests chart is now available at the Group level. This release extends on the work completed in [GitLab 13.11](/releases/2021/04/22/gitlab-13-11-released/#track-dora-4-lead-time-for-changes-metric); you can now use a chart that shows how long it takes merge requests to be deployed to a production environment (not just in individual projects, but aggregated across a group). This allows you to get a full picture of throughput across multiple projects.
##### [Application security testing](https://about.gitlab.com/stages-devops-lifecycle/application_security_testing/)
[Security report generalized details structure](https://docs.gitlab.com/ee/user/application_security/vulnerabilities): Vulnerability Management > Automated security scanning is an important part of any secure development process. There are a wide variety of tools and technologies covering the entire SDLC from source code scanning to post-deployment application and infrastructure scanning. While the ultimate goal of any of these tools is to discover both known and potential vulnerabilities, the information coming from any given scanner can vary widely. Efforts to standardize scanning output data do exist but they tend to focus only on one category of scanning technology or even a specific set of tools. This presents a big challenge to security teams who need to aggregate a wide array of scanner findings. Without a consistent way to normalize disparate findings, viewing the unique details for each scanner's output can be a very apples-and-oranges experience. And if the tool outputs aren't aggregated, then results are often reviewed in the source tool, leaving the true picture of vulnerability risk fragmented and sitting outside of the rest of the DevOps toolchain. > > The new generalized details structure in our security report schemas can bridge this gap. You can already integrate a wide variety of security scanners into GitLab with minimal effort. Now you can go even further with rich formatting options for finding details. Our new structure makes it easy to map most tool's existing outputs into our JSON report formats while adding consistent presentation logic automatically. Flexibility without sacrificing the ability to provide rich vulnerability finding data is a primary purpose behind the new structure. Details are provided in an open structure using pre-defined data types. The pre-defined types handle both data validation as well as standardized UI presentation inside GitLab. For instance, we provide types such as Integer, URL, Table, and even GLFM ([GitLab Flavored Markdown](https://docs.gitlab.com/ee/user/markdown.html#gitlab-flavored-markdown-gfm)). This allows granular control over how finding details are presented while keeping the overall experience inside GitLab consistent.
[Aggregate identical DAST vulnerabilities into a single vulnerability](https://docs.gitlab.com/ee/user/application_security/dast/#reports): DAST > In GitLab 13.12 and earlier, all DAST vulnerabilities found in a scan were listed individually for each URL the vulnerability was found on. This could create many vulnerabilities when the fix was a single file or configuration change. For example: an issue with a server header sent with every HTTP response would be reported on every page on the site, rather than reported as a single issue with multiple occurrences. > > To reduce the overhead of managing vulnerabilities, GitLab combines identical vulnerabilities found on multiple pages into a single reported vulnerability in the DAST report. The vulnerability details include a list of all the URLs where the vulnerability was found, rather than individual vulnerabilities being created in the vulnerability list and dashboard for each page. > > This new reporting functionality will not retroactively combine vulnerabilities found in previous scans. It only applies to scans performed in GitLab 14.0 and later.
##### [Software supply chain security](https://about.gitlab.com/stages-devops-lifecycle/software_supply_chain_security/)
[Container Scanning Integration with Grype](https://docs.gitlab.com/ee/user/application_security/container_scanning/#change-scanners): Container Scanning > GitLab container scanning can now optionally use the Grype scanning engine instead of the default Trivy engine. This gives users flexibility and choice in selecting their container scanning engine. We did a [comparison of the two open source scanners](https://gitlab.com/gitlab-org/gitlab/-/issues/327174). However, as each scanner is unique, you may wish to do your own comparison to decide which is best for you. Users can try the Grype scanner by setting the CI variable `CS_ANALYZER_IMAGE: registry.gitlab.com/security-products/container-scanning/grype:4`.
[Container Scanning Integration with Trivy](https://docs.gitlab.com/ee/user/application_security/container_scanning): Container Scanning > Container scanning in GitLab now uses the Trivy engine by default. This change provides customers with more timely vulnerability intelligence updates, more accurate results, and support for a larger number of operating systems. Users who run container scanning with default settings are switched seamlessly and automatically to the new engine in GitLab 14.0. Users who customize the variables in their container scanning job should review our [migration guide](https://docs.gitlab.com/ee/user/application_security/container_scanning/#change-scanners) and make any necessary updates.
#### [Premium](https://about.gitlab.com/pricing/premium/) ![5 new features](https://img.shields.io/static/v1?color=108548&label=new+features&labelColor=525252&message=5&style=flat-square "New features added to this tier in this release") ![428 total badges](https://img.shields.io/static/v1?color=1F75CB&label=total+features&labelColor=525252&message=428&style=flat-square "Total features in this tier")
[Redesign for Geo sites dashboard](https://docs.gitlab.com/ee/administration/geo/replication/configuration.html#step-6-verify-proper-functioning-of-the-secondary-node) (self-managed only): Disaster Recovery, Geo-replication > Geo replicates and verifies many different data types. System administrators > need to monitor the health of their Geo sites to know whether there are any issues > requiring attention, such as projects that failed to sync, or checksum mismatches. > In our UX research, we found that administrators using the Geo admin page > often had trouble finding the information they needed, and that the information displayed > could be confusing. > Our redesigned Geo sites dashboard addresses these pain points. > We have added more useful indicators such as sync and verification summaries > for data types, and verification status bars for individual data type components. > We have also improved how the page is organized, reducing the number > of clicks needed to surface important information.
[Geo requires confirmation before resyncing all projects](https://docs.gitlab.com/ee/administration/geo/) (self-managed only): Disaster Recovery, Geo-replication > The Geo Admin UI provides a button to **Resync All** projects. For customers with a large amount of projects trying > to resync only failed repositories, unintentionally triggering this option can cause significant delays in > troubleshooting. We now display a confirmation modal whenever **Resync All** is selected. This small, but impactful, > UX improvement reduces the likelihood that administrators will accidentally trigger a resync of all their projects.
[Geo support for PostgreSQL high availability in GA](https://docs.gitlab.com/ee/administration/geo/setup/database.html#patroni-support) (self-managed only): Disaster Recovery > [Patroni](https://github.com/zalando/patroni) is a solution for > PostgreSQL high availability, which also allows the > configuration of a highly-available PostgreSQL standby cluster on a Geo > secondary. This configuration is important when a secondary is used as > part of a disaster recovery strategy, because it allows systems > administrators to mirror the number of database nodes on the primary and > secondary site. This means that after a failover, no additional database nodes must be provisioned to regain high availability. > > Geo now provides [generally available](https://about.gitlab.com/handbook/product/gitlab-the-product/#generally-available-ga) > support for highly-available PostgreSQL configurations using > [Patroni](https://docs.gitlab.com/ee/administration/postgresql/replication_and_failover.html#patroni). > > We have improved documentation, [upgraded to use Patroni version 2.0.2](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6135), [added database load balancing support on standby clusters](https://gitlab.com/gitlab-org/gitlab/-/issues/324657), and ensured that the command to [pause and resume > replication works with a Patroni standby cluster](https://gitlab.com/gitlab-org/gitlab/-/issues/276472).
##### [Plan](https://about.gitlab.com/stages-devops-lifecycle/plan/)
[Epic Boards](https://docs.gitlab.com/ee/user/group/epics/epic_boards.html): Epics, Boards > Epic Boards align teams and organizations by communicating the status of epics continuously. Previous versions of GitLab required you to view and sort epics in a list to view the overall status. Keeping epics up to date meant making most changes through an epic's detail page. Epic Boards enable you to visualize and refine all of your epics in one place, using a customizable, drag-and-drop interface that is easy for any teammate to understand and collaborate. > > Epic Boards are also a game-changer for managing and visualizing ideal epic workflows, such as authoring workflow states (Draft, Writing, Done), DevOps workflow states (such as Planned, In Development, and In Production), or any other mutually exclusive states you might model with scoped labels. Visualizing workflows with an Epic Board empowers you to increase predictability and efficiency.
##### [Monitor](https://about.gitlab.com/stages-devops-lifecycle/monitor/)
[Dynamically update the Incident Service Level Agreement Timer](https://docs.gitlab.com/ee/operations/incident_management/incidents.html#service-level-agreement-countdown-timer): Incident Management > The Incident Service Level Agreement (SLA) Timer, introduced in GitLab 13.5, shows the time remaining until an SLA violation for an incident. > However, the user had to refresh the page to update the timer. Starting in GitLab 14.0, the timer updates dynamically every 15 minutes without the need for a page refresh.
#### Core ![29 new features](https://img.shields.io/static/v1?color=108548&label=new+features&labelColor=525252&message=29&style=flat-square "New features added to this tier in this release") ![1412 total badges](https://img.shields.io/static/v1?color=1F75CB&label=total+features&labelColor=525252&message=1412&style=flat-square "Total features in this tier")
[Set pronouns on GitLab user profiles](https://docs.gitlab.com/ee/user/profile/#add-your-gender-pronouns): Users > Pronouns have been added to GitLab user profiles. The pronouns appear next to user names in the **Profile** tab. You can: > > - Decide whether or not to add pronouns to your profile. > - Self-identify and enter whatever pronouns you prefer, without selecting from a predefined list. > > Besides being more inclusive, GitLab wants help people use the correct pronouns when replying to comments to respect people's identity.
[Database load balancing moved to Free](https://docs.gitlab.com/ee/administration/database_load_balancing.html): Database > GitLab's database load balancer enables the distribution of read-only queries across multiple database servers. For GitLab instances with thousands of users, using the load balancer can reduce the load on the primary database and increase responsiveness, thus resulting in faster page load inside GitLab. > > In this release, we moved the load balancer from Premium to Free to allow more users to benefit from this feature.
[GitLab chart improvements](https://docs.gitlab.com/charts) (self-managed only): Cloud Native Installation > - With GitLab 14.0, it is expected the minimum version of Kubernetes to be 1.16. > - Previously, the [Kubernetes Agent Server (KAS) deployment had no way of specifying an imagePullSecret](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/2730). This would cause K8s to fail as not authorized. Now, with pullSecrets present the image fetch succeeds and the Pods start. > - GitLab 14.0 upgrades [Cert Manager to 1.2.0](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/2041). > - GitLab 14.0 upgrades [Grafana to chart version to 6.9.1](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/1991). Chart-deployed Grafana features are now on par with Omnibus (on 7.5.5) and resolves a deprecation issue.
[Omnibus improvements](https://docs.gitlab.com/omnibus) (self-managed only): Omnibus Package > - GitLab 14.0 includes [Mattermost 5.35.3](https://mattermost.com/blog/mattermost-release-v5-35/), an [open source Slack alternative](https://mattermost.com/). Due to the introduction of backend database architecture required for upcoming new features, the performance of the migration process for the v5.35 release is noticeably affected. Depending on the size, type, and version of the database, you should expect longer than usual upgrade times. This can vary from a couple of minutes (average case) to hours (worst case, MySQL 5.x only). You should also expect a moderate to significant spike in database CPU usage during this process. [More details on the performance impact of the migration and possible mitigation strategies are provided in this post](https://gist.github.com/streamer45/9aee4906639a49ebde68b2f3c0f924c1). > v5.35.3 introduces a new feature to [search for files](https://mattermost.com/blog/file-search/) and some changes to password generation logic used during bulk user import. Admins should immediately reset the passwords for all users generated during the bulk import process, and whose password has not been changed even once. > v5.35.3 also contains a high level security fix, and upgrading is recommended. > - Previously, new GitLab instances would prompt users for the initial root password by default after installation, which meant an anonymous user could get there first to set a root password and take control. Now, an [initial root password will be randomly created](https://gitlab.com/gitlab-org/gitlab/-/issues/211328) if one isn't provided by the user. This improves the default security of newly deployed GitLab instances. > - [The Omnibus GitLab docker image now includes BusyBox](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/4142) but removes vim and nano as pre-installed editors. BusyBox brings together minimal versions of lots of other tools, and by making BusyBox our default editor, we get many other tools that are useful when debugging inside of a container.
[Identify provisioned users at group level](https://docs.gitlab.com/ee/user/group/saml_sso/scim_setup.html#user-access-and-linking-setup): Authentication and Authorization > In this release, we have added the ability to identify provisioned users and contributors. A new **Enterprise** label is displayed against provisioned users. This helps users identify accounts that a group created via SCIM automation instead of accounts created manually by a user.
[SSH key expiration enforced by default](https://docs.gitlab.com/ee/administration/settings/account_and_limit_settings.html#enforce-ssh-key-expiration): Compliance Management > Expired SSH keys [added to GitLab](https://docs.gitlab.com/ee/ssh/#add-an-ssh-key-to-your-gitlab-account) > are now disabled by default. This helps to make your GitLab instance more secure. Previously, expired SSH keys added to GitLab were enabled by default, and could be used unless explicitly disabled by an administrator. > > This change affects expired SSH keys used on GitLab.com. If your keys are expired or will expire soon, you need to update the key and any services using them. Our [documentation](https://docs.gitlab.com/ee/ssh/) on SSH keys has helpful steps on how to create a new SSH key. > > Self-managed administrators can still [allow the use of expired keys](https://docs.gitlab.com/ee/administration/settings/account_and_limit_settings.html#allow-expired-ssh-keys-to-be-used), similar to how they > can [allow use of expired](https://docs.gitlab.com/ee/administration/settings/account_and_limit_settings.html#allow-expired-personal-access-tokens-to-be-used) personal access tokens.
[Performance bar shows how much memory is used](https://docs.gitlab.com/ee/administration/monitoring/performance/performance_bar.html): Memory > The [performance bar](https://docs.gitlab.com/ee/administration/monitoring/performance/performance_bar.html) allows systems administrators and software developers to understand the performance of a GitLab page. > > Increasing the visibility of memory used is important for software developers, so they can improve the performance and user experience of GitLab. In this release, we've added a memory field that shows the amount of memory consumed and objects allocated for the current request. When selected, a view is displayed with additional information. With this information available, software developers can spot memory issues earlier and develop more memory-efficient and performant features.
[Project storage location available in REST and GraphQL APIs](https://docs.gitlab.com/ee/api/projects.html#get-the-path-to-repository-storage) (self-managed only): API > When [Hashed Storage](https://docs.gitlab.com/ee/administration/repository_storage_types.html#hashed-storage) was introduced, it became more difficult to discover the storage location of projects. Systems administrators were able to look up the path on the project's admin UI, but it was impractical to do this for many projects. In this release, we've added API endpoints that expose a project's storage information. In the REST API, this new endpoint is `GET /projects/:id/storage`. For GraphQL, the `diskPath` field is now available in the `Repository` object.
[Horizontal navigation for project-level Value Stream Analytics](https://docs.gitlab.com/ee/user/analytics/value_stream_analytics.html#default-stages): Value Stream Management > The stages in project-level value stream analytics are now shown in a horizontal layout. This helps visualize the flow of work through the stages of a value stream. It also matches the navigation experience in group-level value stream analytics.
[GitLab upgraded to Ruby on Rails 6.1](https://docs.gitlab.com/ee/development/gemfile.html#gemfile-guidelines): Sharding > In this release, we upgraded Ruby on Rails to version 6.1 to take advantage of the latest improvements of the application framework. Please refer to the [Ruby on Rails 6.1 release notes](https://guides.rubyonrails.org/6_1_release_notes.html) for more details.
[Feature Flags User List is now on its own page](https://docs.gitlab.com/ee/operations/feature_flags.html#user-list): Feature Flags > Previously, to access the user lists, you had to navigate to a separate tab under the Feature Flags page. This design obscured the relationship between feature flags and user lists since user lists are a sub-feature of feature flags. > In this release, user lists are now under a subpage of Feature Flags, which improves the workflow and makes their relationship more clear.
[Terraform module registry built into GitLab](https://docs.gitlab.com/ee/user/packages/terraform_module_registry/index.html): Infrastructure as Code > Terraform modules play a central role in building standard infrastructure components throughout an organization. Up to GitLab 13.12, GitLab users had to use either a third-party Terraform module registry, local modules, or Git-based modules. While these options work well, they do not help with the distribution of the modules and they lack proper versioning support, which introduces risks for module users. GitLab 14.0 extends our [Infrastructure-as-Code offerings](https://docs.gitlab.com/ee/user/infrastructure/) with a Terraform module registry. Now, you can use the Terraform module registry built into GitLab to discover Terraform modules with semantic versioning support for upgrades and maintenance. Moreover, you can publish modules easily using GitLab CI/CD. > > While following Terraform's best practices, we recommend developing each Terraform module in a dedicated GitLab project. To simplify the transition to the registry, users can host and publish multiple modules from a single GitLab repository. You can learn more about publishing and consuming a new module [in our documentation](https://docs.gitlab.com/ee/user/packages/terraform_module_registry/index.html).
[Cluster management project template](https://docs.gitlab.com/ee/user/clusters/management_project_template.html): Kubernetes Management > In this release, we are moving away from the CI/CD template-based approach for cluster management. Cluster management is the ability to manage Kubernetes clusters to improve application availability running on a cluster. The old method hides too much of the logic, restricts customizations and extensions of your apps. With the new approach, you can easily create a cluster management project from a project template and fully control your applications. A project created using the new template contains the code needed for cluster management jobs, including [built-in support for several applications](https://docs.gitlab.com/ee/user/clusters/management_project_template.html#built-in-applications). You can easily extend the project to other applications and own them completely. > > Additionally, new applications will be installed using Helm v3. If you have former GitLab Managed Applications installed using Helm v2, check the [Helm migration guide](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) and the [GitLab Managed Apps migration guide](https://docs.gitlab.com/ee/user/clusters/migrating_from_gma_to_project_template.html). The CI/CD job output will also guide you through these migrations. > > In GitLab 14.0, the cluster management project supports only certificate-based cluster integrations. We plan to add support for the GitLab Agent for Kubernetes in the next release.
##### [Create](https://about.gitlab.com/stages-devops-lifecycle/create/)
[Slack notifications for wiki edits include links to diffs](https://docs.gitlab.com/ee/user/project/integrations/slack.html#triggers-available-for-slack-notifications): Wiki > Our [Slack notification service](https://docs.gitlab.com/ee/user/project/integrations/slack.html) can notify you when a user edits a wiki page. The Slack message gives you helpful context about the edit, including the project, page name, and the commit message. Sometimes, however, the commit message doesn't give enough context, and you need more information about how the content changed. > > Now you can click **Compare changes** in the Slack message to immediately view the diff, saving you time and reducing confusion from ambiguous or incomplete commit messages.
[Edit default path and project name when forking](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html#creating-a-fork): Source Code Management > Forking a project enables you to have an exact copy of an original repository where you can experiment, apply changes, and submit contributions to the parent project. Your forks should have meaningful names that explain their goals, and if your project is diverging, you may need multiple forks of a single project. > > In this release, GitLab now supports editing the project name and project slug directly when you create a fork. You can now create multiple forks of the same project, each with a different name, all in the same group!
[Streamlined top navigation menu](https://gitlab.com/gitlab-org/gitlab/-/issues/332635): Navigation & Settings > GitLab 14.0 introduces an all-new, streamlined top navigation menu to help you get where you're going faster and with fewer clicks. This new, consolidated menu offers the combined functionality of the previous Projects, Groups, and More menus. It gives you access to your projects, groups, and instance-level features with a single click. Additionally, all-new responsive views improve the navigation experience on smaller screens.
[Merge request reviews in VS Code](https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/blob/main/README.md): Editor Extension > As a developer, you often spend a majority of your time working in your local development environment. When you're assigned a merge request for review, this requires you to leave your editor and perform that review inside of GitLab. While performing your review inside GitLab, you might also need to use your local editor to gain more context on the proposed changes. > > [GitLab Workflow](https://marketplace.visualstudio.com/items?itemName=GitLab.gitlab-workflow) version `3.21.0` for Visual Studio Code (VS Code) now supports the complete merge request review process, including threads. Select the GitLab icon in VS Code to open the [sidebar](https://gitlab.com/gitlab-org/gitlab-vscode-extension#sidebar-details) to display **Merge requests I'm reviewing**. Select a merge request overview to view the complete details and discussions of the merge request. > > The sidebar also contains a list of all the changed files in the merge request. Selecting files opens a diff comparison for you to review the changes in VS Code. While viewing the diff, you can read feedback left on the files, and create new comments by selecting a line number and creating your comment. All comments and feedback you provide in VS Code are available in the GitLab web interface, making it easy for you to perform your reviews in VS Code, and other users to participate in GitLab. > > We're really excited about bringing the complete merge request review process to you inside of VS Code. Let us know what you think by [opening an issue](https://gitlab.com/gitlab-org/gitlab-vscode-extension/-/issues/new?issue%5Bmilestone_id%5D=) for GitLab Workflow.
[Sidebar navigation redesign](https://gitlab.com/gitlab-org/gitlab/-/issues/332635): Navigation & Settings > GitLab is big. And it's getting bigger. As we've introduced new features and categories, navigating the densely-packed left sidebar has become less intuitive. > > In GitLab 14.0 we've redesigned and restructured the left sidebar for improved usability, consistency, and discoverability. We've moved some links to features around, split up features in the **Operations** menu into three distinct menus, improved visual contrast, and optimized spacing so all the menu items can fit comfortably on a smaller screen. These changes are intended to better match your mental model of the DevOps lifecycle, and provide a more predictable and consistent experience while navigating within your projects and groups.
[Edit wiki pages with the WYSIWYG Markdown editor](https://docs.gitlab.com/ee/user/project/wiki/#content-editor): Wiki > Editing wiki content could be so much easier! Many GitLab wikis use Markdown formatting, and for some users, Markdown is a barrier to efficient collaboration. In this release, you now have access to a rich, modern Markdown editing experience in your wiki, so you can edit with confidence. > > Instant feedback and visual editing tools help make wiki editing more intuitive, and remove barriers to collaboration. GitLab saves the changes as Markdown when you're done, so users who want to edit the Markdown directly can do so. You can even type Markdown into the new editor and it will automatically format the text as you type. > > GitLab 14.0 introduces the [Content Editor](https://gitlab.com/groups/gitlab-org/-/epics/5401) into the Wiki with support for most of the basic Markdown content types like headers, bold and italic text, lists, code blocks, and links. [Full support](https://gitlab.com/groups/gitlab-org/-/epics/5438) for the entire [GitLab Flavored Markdown specification](https://docs.gitlab.com/ee/user/markdown.html) will arrive in upcoming releases. We also plan to make the Content Editor available in other areas of GitLab in the future. We welcome input on this early MVC in [this feedback issue](https://gitlab.com/gitlab-org/gitlab/-/issues/332629).
##### [Verify](https://about.gitlab.com/stages-devops-lifecycle/verify/)
[Add '~' to supported characters for CI/CD variable masking](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable): Continuous Integration (CI) > Securely managing secrets stored in CI/CD variables is a must. You can hide variable values in job logs by masking the variables, but GitLab only support certain characters. Now we support masking variables with '~' in the value, which expands the feature to support more secrets generated from other secrets provider platforms. Thank you to [dallmair](https://gitlab.com/dallmair) for the community contribution!
[GitLab Runner 14.0](https://docs.gitlab.com/runner): GitLab Runner > We’re also releasing GitLab Runner 14.0 today! GitLab Runner is the lightweight, highly-scalable agent that runs your build jobs and sends the results back to a GitLab instance. GitLab Runner works in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab. > > #### What's new: > > - [Make `pwsh`, PowerShell core, the default shell for new registrations of Windows Runners](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26419) > - [Introduce Ubuntu-flavored runner-helper image](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26876) > > #### Bug Fixes: > > - [PowerShell cannot be used with `FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY` set to false](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27758) > - [Permanently blocking Go routine in shell executor](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27892) > - [Failure reason `job_canceled` can be sent to Rails, which fails with a 500 error](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27449) > - [Gitlab Runner not able to resolve Gitlab URL - Kubernetes executor](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4129) > > The list of all changes is in the GitLab Runner [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-runner/blob/14-0-stable/CHANGELOG.md).
[Predefined CI/CD variable for environment action](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html): Continuous Integration (CI) > If you want to reuse scripts and configuration between deployment jobs using the `environment:` keyword, it can be difficult to exclude certain behaviors based on the type of action the deployment job performs. For example, an `environment: action` of `stop` might be a job that is stopping a `review_app`, and you don't want your deployment scripts to run. > > Now, the value of `environment: action:` is available as the `CI_ENVIRONMENT_ACTION` predefined CI/CD variable, making it easier than ever to configure one script that can work for all deployment jobs.
[Identify which jobs triggered downstream pipelines](https://docs.gitlab.com/ee/ci/parent_child_pipelines.html): Pipeline Authoring > Previously, when looking at the pipeline view, it was difficult to determine which job triggered a downstream pipeline. Starting in 14.0, every downstream pipeline shows the name of the job that triggered it. This makes it easier to track the execution flow in complex pipelines that trigger downstream pipelines.
[Prepopulate the CI/CD pipeline editor with an initial template](https://docs.gitlab.com/ee/ci/pipeline_editor/): Pipeline Authoring > The pipeline editor in GitLab is your one-stop shop when interacting with CI/CD pipelines. Previously, when writing your first pipeline with the editor, you were presented with a blank configuration. While perfectly useful for experienced pipeline authors, it was a bit of a leap for those just starting out. > > In this release, if a project does not have a pipeline configured, the editor preloads a template showing an example 3-stage pipeline. You can save and run this pipeline right away to see it in action in your project. On top of that, it also has comments that help you understand the syntax, and tips and hints to help you start customizing the template to match your needs. It is now much easier to get your first green pipeline!
##### [Package](https://about.gitlab.com/stages-devops-lifecycle/package/)
[Delete associated package files via UI](https://docs.gitlab.com/ee/user/packages/package_registry/#delete-files-associated-with-a-package): Package Registry > You use the GitLab Package Registry to publish, install, and share your dependencies. When you publish a dependency, it generates several files including the package archive. Prior to GitLab 14.0, to delete such files you had to [use the API](https://docs.gitlab.com/ee/api/packages.html#delete-a-package-file). In GitLab 14.0, you can now use the UI to delete files related to a given package, and the package itself. > > Since maintaining a tidy registry can be challenging, our goal is to make the process easier and more efficient for you by adding more options for how to delete unused files.
[Install PyPI packages from your group or subgroup](https://docs.gitlab.com/ee/user/packages/pypi_repository/#install-from-the-group-level): Package Registry > You can use your project's Package Registry to publish and install PyPI packages. When you install a PyPI package, you must specify which project the package resides in. This works well if you have a small number of projects. If you have multiple projects nested within a group, you might quickly find yourself adding dozens or even hundreds of different sources. > > For large organizations with many teams, it's common for a team to publish packages to their project's Package Registry alongside the source code and pipelines. However, they must also be able to easily install dependencies from other projects within their organization. You can now install packages from your group, so you don't have to remember which package lives in which project. To do this, use the simple API to specify a package: `GET groups/:id/packages/pypi/files/:sha256/:file_identifier`. > > You can also write the output to a file, or return the package descriptor as an HTML file. [Read the docs](https://docs.gitlab.com/ee/user/packages/pypi_repository/#install-a-pypi-package) for more info and let us know how it goes. We hope that this helps to make your team and organization more efficient.
##### [Application security testing](https://about.gitlab.com/stages-devops-lifecycle/application_security_testing/)
[Static Analysis Analyzer Updates](https://docs.gitlab.com/ee/user/application_security/sast/analyzers): SAST, Secret Detection > GitLab Static Analysis is comprised of a [set of many security analyzers](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks) that the GitLab Static Analysis team actively manages, maintains, and updates. Below are the analyzer updates released during 14.0. These updates bring additional coverage, bug fixes, and improvements. > > - Semgrep updated to version 2.8.0 - [MR](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/merge_requests/53), [Changelog](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/main/CHANGELOG.md#v280) > - Fixed wrong line numbers for multi line generic mode > - `SAST_EXCLUDED_PATHS` is passed to semgrep to exclude as semgrep runs > - Performance optimizations > - Add a url to primary identifier of a rule in the report to link to underlying rule > - GoSec updated to version 3.1.0 - [MR](https://gitlab.com/gitlab-org/security-products/analyzers/gosec/-/merge_requests/108), [Changelog](https://gitlab.com/gitlab-org/security-products/analyzers/gosec/-/blob/master/CHANGELOG.md) > - Remove `SAST_GOSEC_CONFIG` support, [deprecation notice](https://about.gitlab.com/releases/2021/05/22/gitlab-13-12-released/#remove-sast-analyzer-sast_gosec_config-variable-in-favor-of-custom-rulesets) > - Add `COMPILE` variable to support skipping dependency fetching when desired > - Add `GOSEC_GO_PKG_PATH` variable to give the option to set where go builds the app > - Update dependency fetching to only download packages and not build/install by default > - Flawfinder updated to version 2.0.17 - [MR](https://gitlab.com/gitlab-org/security-products/analyzers/flawfinder/-/merge_requests/56), [Changelog](https://gitlab.com/gitlab-org/security-products/analyzers/flawfinder/-/blob/master/CHANGELOG.md#v2141) > - SpotBugs updated to version 2.28.3 - [MR](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs/-/merge_requests/101), [Changelog](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs/-/blob/master/CHANGELOG.md) > - Updated dependencies > - PMD-Apex updated to version 2.12.3 - [MR](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex/-/merge_requests/61), [Changelog](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex/-/blob/master/CHANGELOG.md) > - Improved rule accuracy, bug fixes > - ESLint updated to version 7.27.0 - [MR](https://gitlab.com/gitlab-org/security-products/analyzers/eslint/-/merge_requests/81/diffs), [Changelog](https://gitlab.com/gitlab-org/security-products/analyzers/eslint/-/blob/master/CHANGELOG.md#v2200) > - Please note, this analyzer is planned to be [replaced by Semgrep](https://about.gitlab.com/releases/2021/04/22/gitlab-13-11-released/#gitlab--semgrep-upgrading-sast-for-the-future) in an upcoming release. > > > If you are [including the GitLab managed vendored SAST template](https://docs.gitlab.com/ee/user/application_security/sast/#configure-sast-in-your-cicd-yaml) ([`SAST.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml)) you do not need to do anything to receive these updates. However, if you override or customize your own CI template, you will need to update your CI configurations. If you want to remain on a specific version of any analyzer, you can now [pin to a minor version of an analyzer](https://docs.gitlab.com/ee/user/application_security/sast/#pinning-to-minor-image-version). Pinning to a previous version will prevent you from receiving automatic analyzer updates and require you to manually bump your analyzer version in your CI template.
[Pin to Specific SAST Analyzer Versions](https://docs.gitlab.com/ee/user/application_security/sast/#pinning-to-minor-image-version): SAST > With the maturity of GitLab Secure scanning tools, we've needed to add more granularity to our release process. Previously, GitLab shared a major version number for [all our analyzers and tools](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks). This requires all tools to share a major version and prevent the use of [semantic version numbering](https://semver.org/). Beginning in 14.0 GitLab SAST removed the `SAST_ANALYZER_IMAGE_TAG` global variable in our [managed SAST.gitlab-ci.yml](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml) CI template in favor of the analyzer job variable setting the 'major.minor' tag in the SAST vendored template. Each analyzer job now has a scoped `SAST_ANALYZER_IMAGE_TAG` variable which will be actively managed by GitLab and set to the 'major' tag for the respective analyzer. To pin to a specific version you simply [change the variable value to the specific version tag](https://docs.gitlab.com/ee/user/application_security/sast/#pinning-to-minor-image-version). > If you override or maintain custom versions of `SAST.gitlab-ci.yml` you will want to update your CI templates to stop referencing the global `SAST_ANALYZER_IMAGE_TAG` and move it to a scoped analyzer job tag. We strongly encourage [inheriting and overriding our managed CI templates](https://docs.gitlab.com/ee/user/application_security/sast/#overriding-sast-jobs) to future-proof your CI templates. This change will allow you to more granularly control future analyzer updates with a pinned `major.minor` version.
##### [Monitor](https://about.gitlab.com/stages-devops-lifecycle/monitor/)
[Change an issue's type](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#change-the-issue-type): Incident Management > In some cases, you may wish to change an issue's type. For example, you may want to escalate an issue to an [incident](https://docs.gitlab.com/ee/operations/incident_management/index.html) to ensure that your team handles the problem properly. To change an issue's type, edit the issue and select an issue type from the **Issue type** selector menu.

To top