Development platform: GitLab 18.10 introduces login via Passkey

The March update for GitLab brings security enhancements affecting login and the detection of false positive security warnings. Additionally, release version 18.10 promotes support for the Conan 2.0 Package Registry to beta. Previously, support for Conan, which C and C++ development teams use as a package manager, was only experimental and limited to the 1.x series.

Streamlined Explore Page

There are also improvements to usability: In Explore, the Projects page features a revised navigation that has removed redundant options, making it more streamlined than before. There are now two basic views, the Active tab and the Inactive tab. The Most starred projects have been removed. These can be found by sorting projects in the new tabs by their star count. The Trending tab is scheduled to be removed in GitLab 19.0.

Security Updates: Passkeys and SAST

GitLab 18.10 enables users of all editions to log in passwordlessly via Passkey and sets it as the default method for accounts with two-factor authentication enabled. Passkeys offer security benefits such as phishing protection. The private key remains on the device, while only the public key is stored on GitLab servers.

The AI service GitLab Duo Agent Platform has been generally available for about two months. In the new release, one of its features for Ultimate customers has also reached general availability: detecting false positives in Static Application Security Testing (SAST). This function can be enabled in the group or project settings. The assessment of how likely a SAST vulnerability is a false positive is then automatically performed, and the result is output directly in the vulnerability report.

All information about these and other features in the new release can be found by interested parties in the GitLab blog.

(mai)