Posts in Security

For timely security release updates please subscribe to our security release RSS feed.

GitLab instance: security best practices

The benefits of transparency in a compliance audit

How we approach open source security

How to exploit parser differentials

We answer your most popular questions about our Zero Trust journey

Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments

GitLab is now a member of the OWASP Foundation

Celebrating a million dollars in bounties paid

Introducing Token-Hunter

Bugs, bounties, and cherry browns

Shopping for an admin account via path traversal

How to overcome toolchain security challenges with GitLab

We are increasing bounties in our bug bounty program

Zero Trust at GitLab: Where do we go from here?

Zero Trust at GitLab: Implementation challenges (and a few solutions)

Why we're reducing the time to payout and launching a bug bounty anniversary contest

Zero Trust at GitLab: Mitigating challenges with data zones and authentication scoring

Zero Trust at GitLab: The data classification and infrastructure challenge

American Fuzzy Lop on GitLab: Automating instrumented fuzzing using pipelines

Zero Trust at GitLab: Problems, goals, and coming challenges

What we learned by taking our bug bounty program public

Turning the Adobe CCF into the GitLab Control Framework (it’s all open source!)

Ask GitLab Security: Alexander Dietrich

Ask GitLab Security: Roger Ostrander

When technology outpaces security compliance

Ask GitLab Security: Paul Harrison

How GitLab went about choosing the right compliance framework

Inside the GitLab public bug bounty program

Agile iteration: My unique onboarding experience at GitLab

GitLab's security tools and the HIPAA risk analysis

Group Runner Registration Token Vulnerability

The evolution of Zero Trust

An update on project runner registration token exposed through issues quick actions vulnerability

A deep dive into the Security Analyst persona

GIT is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license