Security

Learn step-by-step how to process detected vulnerabilities and spawn merge request approval rules from critical vulnerabilities.

The new White House policy puts liability for poor security on software makers. Learn how DevSecOps can protect your organization.

DORA Accelerate State of DevOps report shows opportunity lies within better security practices, including a focus on culture.

Get a behind-the-scenes look at how I helped discover the vulnerability that became CVE-2022-41903.

Use this tutorial to build an automated web application screenshot report.

Find out about the researchers who together earned more than $1 million USD in prizes and their bug hunting contributions.

Compliance mandates call for controls to prevent software tampering, improve integrity of builds and artifacts, and support attestation. Here's how GitLab can help.

With phishing campaigns on the rise across the industry, we accelerated rollout of a program to further enhance our security hygiene program. This is how we did it.

Learn what organizations should keep in mind while incorporating software supply chain security into their software development lifecycle.

Learn how to identify your risk for CVE-2022-3786 and CVE-2022-3602.

Learn what a software bill of materials is and why it has become an integral part of modern software development.

Learn the role of SBOMs in helping to secure your software supply chain and how to generate them with the GitLab + Rezilion integration.

Learn how to add a Let's Encrypt TLS certificate to a website hosted and managed via GitLab Pages.

Pair IBoMs and SBOMs for a more secure software supply chain.

We created a private project containing a file with a flag. Use a permission-related vulnerability to bypass access control (without user interaction) and read the flag for a $20K USD bonus.