Security

Subscribe

Follow Us

Featured Post
Dec 3, 2021

GitLab Technical Certifications program wins 5 awards at LearnX Conference

GitLab's Tech Certification programs won 5 different awards at this year's LearnX conference. Read on

Recent Posts

Post Image

Three things you might not know about GitLab security

Nov 23, 2021

There's so much more to GitLab's security offering than meets the eye. Here are three features you may have missed.

Post Image

Deep dive: the tech stack behind Spamcheck

We take a closer look at the tooling, technical choices, metrics and lessons learned behind our new anti-abuse tool.

Post Image

Top five actions engineers should take based on the OWASP Top 10 2021 security updates

Nov 15, 2021

Learn what actions engineers should take based on the OWASP Top 10 updates for 2021

Post Image

Action needed by self-managed customers in response to CVE-2021-22205

Nov 4, 2021

Self-managed users using outdated versions should update immediately.

Post Image

Our 3rd annual bug bounty contest: the swagtastic sequel to the sequel

Nov 1, 2021

We’re running a bug bounty contest November 1 thru December 3. Find a bug and be entered to win some sweet custom swag. What’s better than a contest? Increased bounty ranges!

Post Image

How we’re using DAST 2 for easier scan configuration and reduced noise

Oct 27, 2021

Our security team upgraded to GitLab’s DAST 2. Here’s how and why we did it.

Post Image

Threat modeling the Kubernetes Agent: from MVC to continuous improvement

Learn how we put our threat model into action iteratively and expanded the process into a full-fledged standalone activity.

Post Image

Notice for GitKraken users with GitLab

Oct 11, 2021

How we responded to Axosoft’s GitKraken software vulnerability affecting SSH keys and actions users should take.

Post Image

SemVer versioning: how we handled it with linear interval arithmetic

Sep 28, 2021

SemVer versioning made it difficult to automate processing. We turned to linear interval arithmetic to come up with a unified, language-agnostic semantic versioning approach.

Post Image

How to write and continuously test vulnerability detection rules for SAST

Anshuman Singh and Julian Thome and Ross Fuhrman
Sep 8, 2021

Interns with the Google Summer of Code helped GitLab transition from our old SAST tools to Semgrep.

Post Image

Why are developers so vulnerable to drive-by attacks?

Sep 7, 2021

The complexity of developer working environments make them more likely to be vulnerable to a drive-by attack. We talk about why and walk you through a real-life example from a recent disclosure here at GitLab, and provide tips to reduce the risk and impact of drive-by attacks.

Post Image

How to secure your software build pipeline using code signing

Eddie Glenn
Aug 30, 2021

The Venafi plugin for GitLab enables single sign-on and digital signatures to better secure your app.

Post Image

Introducing Spamcheck: A data-driven, anti-abuse engine

Ethan Urie, Juliet Wanjohi, Jayson Salazar, Alex Groleau and Alexander Dietrich
Aug 19, 2021

How we built, tested and deployed a new tool on GitLab that fights spam and abuse.

Post Image

How DevSecOps can protect businesses from future supply chain attacks

Pedro Fortuna
Aug 18, 2021

Learn how GitLab's all-in-one DevSecOps solution can help businesses keep their supply chains secure.

Post Image

Meet Package Hunter: A tool for detecting malicious code in your dependencies

Jul 23, 2021

We developed, tested and open sourced a new tool to analyze program dependencies and protect the supply chain.

Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license