Git repositories are hash trees. The distributed nature of git is a bit different but it shares similiarities. Definitly has the crypto checkmarks ticked.
AFAIK, the main thing that makes a blockchain a “blockchain” in the cryptocurrency sense, is the handling of consensus in case of double spend (race condition during a transaction), also known as Byzantine fault. Not really something Git has been built for.
Thanks for pointing that out, that made me gulp and I'm not even sure what 'Sec' they're talking about seeing they were recently featured in a defcon talk.
They have a sast scanner offering..we tried to use it
Basic thinks like "ignore this slew of reporting because the build is already deprecated" or "always ignore this error, false positive" are missing. The last few years gitlab only did marketing checklist driven development.
Yes, I've used it and the behaviour that we saw was it reporting every issue that had been in the repo ever (including in files that had been deleted). Which I suppose you might want, but every other scanning tool I've used chose the sensible default of scan what is there now.
Also, as far as I can, the security centre wouldn't let you download a .csv of current security issues in the repo - the UI lets you do a bunch of filtering, but the .csv always gives you everything, including issues that you've closed.
It's even worse when you scan your build artifacts, in our case containers. Each build added to the list , with no way to delete all stuff. Filtering and grouping are also missing.
We gave up on that and decided to use another tool.
My gripe with GL is that all features are like this now. There is no invest into the basic building blocks, just yapping for the next trend. Most customers for GL use it on premise because they want to use it on prem. I would focus on Features that benefit that crowd, but hey I am just an developing not a gilded c suite.
To be fair, having the “Sec” in your “DevSecOps” signify nothing whatsoever is basically the industry standard for companies describing their offerings with that term.
It's already there. Plenty of developer focused docs have been updated to mention AI however possible. I was just reading stripe docs, and was surprised by the number of fairly old features that got a doc update so instead of saying "For example, if you're selling a digital subscription with a physical item" to "For example, if you're selling access to an AI service with a physical item".
Or replacing "For example, If you're charging for API requests" to "For example, If you're charging for LLama AI Model API requests".
Heck, I had to review a doc change at work that was pretty stupid. Like one thing we offer is an S3-compatible endpoint. But someone thought we should clarify that you can upload AI models there too and all our docs should include an "AI developer" section for how to upload a blob that also happen to be a model or a lora or whatever.
Ha that’s hilarious! And no I work at another tech company, but I totally understand how minio decided to go with that marketing. It’s really infuriating and yet understandable.
When the AI craze stated, so many people in my company came to me asking “if we can run AI workload”? another thing we offer is fairly generic compute meant for your average web applications or micro service etc. Initially I said “I don’t think so. We don’t have GPUs nor do we have any ability to express hardware requirements beyond CPU and Memory. We’ll need to do some work to include GPU into that”.
Then hilariously I learned that you don’t need GPUs or ASICs to be able to run “AI workloads”. If your compute allows you to call OpenAI rest APIs, then you’re also “AI Ready”.
You know… the disruptive, game-changing tech company redefining source code hosting for the modern enterprise. Their cloud-native, next-gen platform is engineered for scalable, seamless integration with your DevOps pipeline, delivering end-to-end automation and real-time collaboration. Powered by AI-driven insights and built for maximum uptime, they offer enterprise-grade security, unmatched interoperability, and hyper-optimized CI/CD workflows. With a global, distributed infrastructure, they guarantee future-proof performance that accelerates your agile transformation—because your innovation deserves nothing less than excellence.
They built a very nice declarative CI/CD system before Github Actions existed. I think I was on Bamboo (and Jenkins) before going over to Gitlab and it was a breath of fresh air, a huge understatement. 2015ish.
