Blog How we made GitLab more secure in 2020
December 16, 2020
2 min read

How we made GitLab more secure in 2020

From preventing vulnerabilities to squashing bugs in source code; here’s how our security team has made GitLab more secure in 2020, and where they’ll focus efforts in 2021.


2020 was a highly-productive year, and one with high impact, which brought a number of security enhancements across GitLab’s product and environment.

Our primary goal of strengthening GitLab’s enterprise grade security was accomplished through the implementation of numerous security controls and led to the successful completion of our first SOC 2 Type 2 attestation. We completed a 2 month field security study which consumed and aggregated data from current and prospective customers, the broader community, industry and several internal stakeholders (sales, support and product) to generate a report with prioritized areas of focus for our SaaS service. Our teams have started strategic work aligned to these priorities and designed to further enhance security in our enterprise service, strengthen our competitive position and bolster the trust and confidence of our customers.

We also saw advancements in our goal of reducing the threat landscape. Vulnerability management was dramatically improved across all aspects of security including application security (reduced: time to mitigate, total overall vulnerabilities, and number of high severity vulnerabilities), infrastructure security (improved scanning capabilities and accuracy of detection as well as reduced time to patching and mitigation) and bug bounty (increased engagement, improved response and remediation). We implemented an industry leading governance, risk and compliance tool which improved the effectiveness and efficiency of risk management and third-party vendor reviews. As a result, we saw a substantial improvement in customer adoption and third party security scoring.

As we look ahead into 2021, we will continue to focus on strengthening the security of GitLab Core and SaaS through a number of new and improved security features and services. Further, we will ambitiously pursue a host of compliance certifications to independently validate implemented security controls designed to protect company and customer data. Lastly, we continue to strive for and assert ourselves as the most transparent security organization in the world. We are committed to finding creative and innovative ways of sharing our approach to security openly in our publicly available handbook and blogs.

Stronger intel for increased visibility, detection and response

Next gen SIEM

In October, our [Security Incident Response team (SIRT)](/handbook/security/#sirt

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

New to GitLab and not sure where to start?

Get started guide

Learn about what GitLab can do for your team

Talk to an expert