The typical GitLab use case is to use the Renovate runner project templates, or some variant, to run Renovate in a GitLab CI job on a schedule. If you're looking for an option to provide a more responsive experience without the overhead of self-hosting Renovate, this solution uses Cloudflare Workers, GitLab webhooks, and triggered GitLab pipelines to configure Renovate to respond to repository activity.
GitLab continues to migrate Static Application Security Testing (SAST) to Semgrep, and makes this available to all GitLab tiers. This analysis only includes the rules that GitLab manages, but there are many more available in the Semgrep Rules project. This post details how to combine the two to get a more comprehensive analysis.
With it's default configuration, Renovate does a great job of managing container
image tag updates. One limitation is that for updates that include an OS in the
tag, for example the Alpine Linux version in python:3.11.3-alpine3.17,
Renovate only updates Python image tags matching that version, which may limit
updates, and doesn't identify any OS updates. This post details how to configure
Renovate to work around that limitation for Alpine images.
See all tags.
Aaron Goldenthal