Browse articles from Security
Recent posts
Security
Automating role-based access control (RBAC) at scale
This guide details setting up GitLab + Keycloak + OIDC for RBAC, covering planning, Docker configuration, and automated access governance for DevSecOps.
Security
Last year we signed the Secure by Design pledge - here's our progress
Learn about GitLab's CISA-aligned additions and improvements around MFA, default password reduction, patching, and vulnerability disclosure.
Security
Introducing compromised password detection for GitLab.com
GitLab is adding compromised password detection on June 19, 2025. After that date, users logging in with known compromised passwords will be warned. Here is what you need to know.
Security
Tutorial: Secure and optimize your Maven Repository in GitLab
Learn the best practices, advanced techniques, and upcoming features that improve the efficiency of your DevSecOps workflow.
Security
Our step-by-step guide to evaluating runtime security tools
Key learnings from the GitLab Security team’s runtime security tool evaluation on Kubernetes clusters and Linux servers using real-world attack simulations.
Security
How to use GitLab's Custom Compliance Frameworks in your DevSecOps environment
Explore how new frameworks, along with more than 50 out-of-the-box controls, transform regulatory requirements from burdensome checkboxes to integrated, automated workflow components.
Security
Introducing Custom Compliance Frameworks in GitLab
Reduce manual tracking, accelerate audit readiness, and enforce controls faster natively within GitLab DevSecOps workflows.
Find out which plan works best for your team
Learn about pricingLearn about what GitLab can do for your team
Talk to an expert