Security hygiene best practices for GitLab users

Johnathan Hunt ·
Mar 21, 2022 · 4 min read · Leave a comment

It's important to recognize that world events that cause global unrest and uncertainty can lead to an increase in cyberattacks. The GitLab Security department would like to remind our community of some suggested security hygiene measures that users should consider implementing to better protect themselves and reduce risk for their organizations, whether you are a GitLab.com or self-managed user.

You may have seen coverage of recent cyber attacks in the press focused on the theft of private source code repositories that demand a ransom to prevent their public disclosure. While specific details on how these attacks were successful are not publicly available, our experience and various threat intelligence activities tell us that credential spraying, phishing, malware, and even attempting to purchase insider access are the most likely tactics in use.

Following some simple security hygiene tips can go a long way to help defend you and your organization from these types of attacks:

If you're already doing everything above, fantastic! If we forgot something, please let us know. For reference, you can review our security best practices for GitLab team members. If you've got a security question or concern, review how to contact our Support team. If you believe you've discovered a vulnerability, see how to report it. Lastly, to stay informed you can sign-up to receive security alerts and notifications via email.

Thank you for working together with us to keep our community and GitLab safe and secure.

“Security hygiene measures that @gitlab users should consider implementing.” – Johnathan Hunt

Click to tweet

Open in Web IDE View source