Security

How we responded to a masked variable vulnerability in GitLab Runner version 13.9.0-rc1 and actions users should take.

Learn how to secure your Android application with Static Application Security Testing.

We take a look back at the year in bugs and bounties and celebrate the reporters and contributions that make us more secure.

Security may not be the first thing that comes to mind when thinking of our DevOps platform, but we’re going to make the case it should be. Here’s a look at some of the too-often-overlooked security features in GitLab Ultimate.

We help you get started with securing your Kubernetes cluster using Cilium, a GitLab-managed application.

Faster releases, more open source code, and developers unlikely to have formal security training = at risk software apps. The solution? A security champions program.

From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.

Our AppSec team breaks down what makes a great bug bounty report. That advice comes just in time, as we're having another bug bounty contest.

Keep your DAST job within timeout limits and fine-tune job configurations for better results

Our AppSec team built and ran a CTF, and now it's available for you to play at home.

When tasked to compare security tools, it's critical to understand what's a fair benchmark. We take you step by step through WebGoat's lessons and compare them to SAST and DAST results.

We walk you through how to configure WhiteSource in your GitLab instance to enhance your application security.

Containers are increasingly popular – and increasingly vulnerable. Using four threat scenarios, we step through how GitLab's built-in security features will make containers safer.

Learn how to call Jenkins jobs from GitLab and configure deterministic security jobs.

Learn about GitLab's commitment to security and compliance, our security program maturity and accreditations.