Posts in Security

For timely security release updates, please subscribe to our security release RSS feed.

How to secure your Kubernetes pods using GitLab Container Network Security

Why you need a security champions program

GitLab's security trends report – our latest look at what's most vulnerable

Our top tips for better bug bounty reports, plus a hacker contest!

How to configure DAST full scans for complex web applications

How to play GitLab's Capture the Flag at home

How to Benchmark Security Tools: a Case Study Using WebGoat

How to secure your dependencies with GitLab and WhiteSource

Get better container security with GitLab: 4 real-world examples

How to capitalize on GitLab Security tools with external CI

How secure is GitLab?

GitLab instance: security best practices

The benefits of transparency in a compliance audit

How we approach open source security

Top 6 security trends in GitLab-hosted projects

How to exploit parser differentials

We answer your most popular questions about our Zero Trust journey

Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments

GitLab is now a member of the OWASP Foundation

Celebrating a million dollars in bounties paid

Introducing Token-Hunter

Bugs, bounties, and cherry browns

Shopping for an admin account via path traversal

How to overcome toolchain security challenges with GitLab

We are increasing bounties in our bug bounty program

Zero Trust at GitLab: Where do we go from here?

Zero Trust at GitLab: Implementation challenges (and a few solutions)

Why we're reducing the time to payout and launching a bug bounty anniversary contest

Zero Trust at GitLab: Mitigating challenges with data zones and authentication scoring

Zero Trust at GitLab: The data classification and infrastructure challenge

American Fuzzy Lop on GitLab: Automating instrumented fuzzing using pipelines

Zero Trust at GitLab: Problems, goals, and coming challenges

What we learned by taking our bug bounty program public

Turning the Adobe CCF into the GitLab Control Framework (it’s all open source!)

Ask GitLab Security: Alexander Dietrich

Ask GitLab Security: Roger Ostrander

When technology outpaces security compliance

Ask GitLab Security: Paul Harrison

How GitLab went about choosing the right compliance framework

Inside the GitLab public bug bounty program

Agile iteration: My unique onboarding experience at GitLab

GitLab's security tools and the HIPAA risk analysis

Group Runner Registration Token Vulnerability

The evolution of Zero Trust

An update on project runner registration token exposed through issues quick actions vulnerability

A deep dive into the Security Analyst persona
